DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2018-18690", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2018-18690", "description": "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.", "published": "2018-10-26T18:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18690", "reporter": "cve@mitre.org", "references": ["https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c", "https://bugzilla.suse.com/show_bug.cgi?id=1105025", "https://bugzilla.kernel.org/show_bug.cgi?id=199119", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c", "http://www.securityfocus.com/bid/105753", "https://usn.ubuntu.com/3849-2/", "https://usn.ubuntu.com/3848-2/", "https://usn.ubuntu.com/3848-1/", "https://usn.ubuntu.com/3847-3/", "https://usn.ubuntu.com/3847-2/", "https://usn.ubuntu.com/3847-1/", "https://usn.ubuntu.com/3849-1/", "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html", "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"], "cvelist": ["CVE-2018-18690"], "immutableFields": [], "lastseen": "2023-02-09T14:18:09", "viewCount": 144, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2018:3083"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "CFOUNDRY:ACBE18A36EB39832526C9AA3F7A3E9CE"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-18690"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2018-3083.NASL", "DEBIAN_DLA-1715.NASL", "DEBIAN_DLA-1731.NASL", "EULEROS_SA-2018-1432.NASL", "EULEROS_SA-2019-1027.NASL", "EULEROS_SA-2019-1028.NASL", "EULEROS_SA-2019-1220.NASL", "EULEROS_SA-2019-1223.NASL", "EULEROS_SA-2019-1484.NASL", "EULEROS_SA-2019-1511.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "OPENSUSE-2018-1427.NASL", "ORACLELINUX_ELSA-2018-3083.NASL", "ORACLELINUX_ELSA-2018-4299.NASL", "ORACLEVM_OVMSA-2018-0286.NASL", "REDHAT-RHSA-2018-3083.NASL", "REDHAT-RHSA-2018-3096.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SUSE_SU-2018-3689-1.NASL", "SUSE_SU-2019-0095-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-1289-1.NASL", "UBUNTU_USN-3847-1.NASL", "UBUNTU_USN-3847-2.NASL", "UBUNTU_USN-3847-3.NASL", "UBUNTU_USN-3848-1.NASL", "UBUNTU_USN-3848-2.NASL", "UBUNTU_USN-3849-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843856", "OPENVAS:1361412562310843857", "OPENVAS:1361412562310843858", "OPENVAS:1361412562310843859", "OPENVAS:1361412562310843860", "OPENVAS:1361412562310843861", "OPENVAS:1361412562310852140", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562311220181432", "OPENVAS:1361412562311220191027", "OPENVAS:1361412562311220191028", "OPENVAS:1361412562311220191220", "OPENVAS:1361412562311220191223", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191511"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4299"]}, {"type": "osv", "idList": ["OSV:DLA-1715-1", "OSV:DLA-1731-1"]}, {"type": "photon", "idList": ["PHSA-2019-0128", "PHSA-2019-0212", "PHSA-2019-1.0-0212"]}, {"type": "redhat", "idList": ["RHSA-2018:3083", "RHSA-2018:3096"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-18690"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3817-1"]}, {"type": "ubuntu", "idList": ["USN-3847-1", "USN-3847-2", "USN-3847-3", "USN-3848-1", "USN-3848-2", "USN-3849-1", "USN-3849-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-18690"]}]}, "score": {"value": 3.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2018:3083"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "CFOUNDRY:ACBE18A36EB39832526C9AA3F7A3E9CE"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-18690"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1027.NASL", "EULEROS_SA-2019-1028.NASL", "OPENSUSE-2018-1427.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SUSE_SU-2018-3689-1.NASL", "SUSE_SU-2019-0095-1.NASL", "SUSE_SU-2019-0439-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852140", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4299"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0212"]}, {"type": "redhat", "idList": ["RHSA-2018:3083"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3817-1"]}, {"type": "ubuntu", "idList": ["USN-3847-1", "USN-3847-2", "USN-3847-3", "USN-3848-1", "USN-3848-2", "USN-3849-1", "USN-3849-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-18690"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 4}, {"name": "canonical ubuntu linux", "version": 16}, {"name": "canonical ubuntu linux", "version": 18}, {"name": "canonical ubuntu linux", "version": 14}, {"name": "canonical ubuntu linux", "version": 12}, {"name": "debian debian linux", "version": 8}]}, "epss": [{"cve": "CVE-2018-18690", "epss": "0.000440000", "percentile": "0.082350000", "modified": "2023-03-14"}], "vulnersScore": 3.8}, "_state": {"dependencies": 1675955419, "score": 1675954691, "affected_software_major_version": 1677276084, "epss": 1678871962}, "_internal": {"score_hash": "4f792e7a7d122f8c4ac9dcd235ca379d"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:12.04"], "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"], "cwe": ["CWE-754"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "4.17", "operator": "lt", "name": "linux linux kernel"}, {"cpeName": "canonical:ubuntu_linux", "version": "16.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "14.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "12.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "18.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "debian:debian_linux", "version": "8.0", "operator": "eq", "name": "debian debian linux"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.17:*:*:*:*:*:*:*", "versionEndExcluding": "4.17", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c", "name": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1105025", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1105025", "refsource": "MISC", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199119", "name": "https://bugzilla.kernel.org/show_bug.cgi?id=199119", "refsource": "MISC", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c", "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://www.securityfocus.com/bid/105753", "name": "105753", "refsource": "BID", "tags": ["VDB Entry", "Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3849-2/", "name": "USN-3849-2", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3848-2/", "name": "USN-3848-2", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3848-1/", "name": "USN-3848-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3847-3/", "name": "USN-3847-3", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3847-2/", "name": "USN-3847-2", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3847-1/", "name": "USN-3847-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3849-1/", "name": "USN-3849-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html", "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html", "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Canonical", "product": "Ubuntu_linux"}, {"vendor": "Linux", "product": "Linux_kernel"}]}

{"ubuntucve": [{"lastseen": "2022-08-04T13:45:27", "description": "In the Linux kernel before 4.17, a local attacker able to set attributes on\nan xfs filesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs attribute\nchange, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c\nmishandles ATTR_REPLACE operations with conversion of an attr from short to\nlong form.\n\n#### Bugs\n\n * <https://bugzilla.kernel.org/show_bug.cgi?id=199119>\n * <https://bugzilla.suse.com/show_bug.cgi?id=1105025>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-26T00:00:00", "type": "ubuntucve", "title": "CVE-2018-18690", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690"], "modified": "2018-10-26T00:00:00", "id": "UB:CVE-2018-18690", "href": "https://ubuntu.com/security/CVE-2018-18690", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhatcve": [{"lastseen": "2022-07-07T11:10:46", "description": "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-03T04:04:06", "type": "redhatcve", "title": "CVE-2018-18690", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690"], "modified": "2022-07-07T10:45:22", "id": "RH:CVE-2018-18690", "href": "https://access.redhat.com/security/cve/cve-2018-18690", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-03-19T22:09:51", "description": "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-26T18:29:00", "type": "debiancve", "title": "CVE-2018-18690", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690"], "modified": "2018-10-26T18:29:00", "id": "DEBIANCVE:CVE-2018-18690", "href": "https://security-tracker.debian.org/tracker/CVE-2018-18690", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-01-26T14:33:29", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\n - A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler.(CVE-2018-18386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-02-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1027)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16658", "CVE-2018-18386", "CVE-2018-18690"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1027.NASL", "href": "https://www.tenable.com/plugins/nessus/122174", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122174);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16658\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1027)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Linux kernel before\n 4.18.6. An information leak in cdrom_ioctl_drive_status\n in drivers/cdrom/cdrom.c could be used by local\n attackers to read kernel memory because a cast from\n unsigned long to int interferes with bounds\n checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.(CVE-2018-18690)\n\n - A security flaw was found in the Linux kernel in\n drivers/tty/n_tty.c which allows local attackers (ones\n who are able to access pseudo terminals) to lock them\n up and block further usage of any pseudo terminal\n devices due to an EXTPROC versus ICANON confusion in\n TIOCINQ handler.(CVE-2018-18386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1027\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fdeb710\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16658\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h158\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h158\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h158\",\n \"kernel-devel-3.10.0-514.44.5.10.h158\",\n \"kernel-headers-3.10.0-514.44.5.10.h158\",\n \"kernel-tools-3.10.0-514.44.5.10.h158\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h158\",\n \"perf-3.10.0-514.44.5.10.h158\",\n \"python-perf-3.10.0-514.44.5.10.h158\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-14T14:27:28", "description": "It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3848-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18174", "CVE-2018-12896", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3848-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119830", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3848-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119830);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-18174\", \"CVE-2018-12896\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3848-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3848-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a double free existed in the AMD GPIO driver in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3848-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18174\", \"CVE-2018-12896\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3848-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1039-kvm\", pkgver:\"4.4.0-1039.45\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1074-aws\", pkgver:\"4.4.0-1074.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1102-raspi2\", pkgver:\"4.4.0-1102.110\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1106-snapdragon\", pkgver:\"4.4.0-1106.111\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-141-generic\", pkgver:\"4.4.0-141.167\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-141-generic-lpae\", pkgver:\"4.4.0-141.167\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-141-lowlatency\", pkgver:\"4.4.0-141.167\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1074.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.141.147\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.141.147\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1039.38\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.141.147\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1102.102\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1106.98\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-14T14:27:21", "description": "USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3848-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18174", "CVE-2018-12896", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3848-2.NASL", "href": "https://www.tenable.com/plugins/nessus/119831", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3848-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119831);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-18174\", \"CVE-2018-12896\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3848-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3848-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that a double free existed in the AMD GPIO driver in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3848-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18174\", \"CVE-2018-12896\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3848-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-1037-aws\", pkgver:\"4.4.0-1037.40\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-141-generic\", pkgver:\"4.4.0-141.167~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-141-generic-lpae\", pkgver:\"4.4.0-141.167~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-141-lowlatency\", pkgver:\"4.4.0-141.167~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1037.37\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.141.121\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.141.121\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.141.121\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-23T14:20:47", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4299 advisory.\n\n - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. (CVE-2018-10902)\n\n - The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. (CVE-2017-17806)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. (CVE-2018-18690)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4299)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17805", "CVE-2017-17806", "CVE-2018-10902", "CVE-2018-13094", "CVE-2018-18690", "CVE-2018-7755"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4299.NASL", "href": "https://www.tenable.com/plugins/nessus/119534", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4299.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119534);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-17805\",\n \"CVE-2017-17806\",\n \"CVE-2018-7755\",\n \"CVE-2018-10902\",\n \"CVE-2018-13094\",\n \"CVE-2018-18690\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4299)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4299 advisory.\n\n - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length\n inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel\n crash) or have unspecified other impact by executing a crafted sequence of system calls that use the\n blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a\n double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part\n of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for\n privilege escalation. (CVE-2018-10902)\n\n - The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the\n underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based\n hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a\n kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing\n SHA-3 initialization. (CVE-2017-17806)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel\n through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM\n ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the\n location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may\n occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make\n this filesystem non-operational until the next mount by triggering an unchecked error condition during an\n xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles\n ATTR_REPLACE operations with conversion of an attr from short to long form. (CVE-2018-18690)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4299.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-17806\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.23.1.el6uek', '4.1.12-124.23.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4299');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.23.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.23.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.23.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.23.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.23.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.23.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.23.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.23.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.23.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.23.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.23.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.23.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-22T15:36:18", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28898616] (CVE-2018-13094)\n\n - ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28898636] (CVE-2018-10902)\n\n - md/raid5: fix a race condition in stripe batch (Shaohua Li) [Orabug: 28917012]\n\n - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. Wong) [Orabug:\n 28924091] (CVE-2018-18690)\n\n - certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926203]\n\n - block: fix bdi vs gendisk lifetime mismatch (Shan Hai) [Orabug: 28945039]\n\n - Add the following entries to 'uek-rpm/ol[67]/nano_modules.list':\n kernel/drivers/net/net_failover.ko kernel/net/core/failover.ko Fixes: b3bc7c163fc9 ('net:\n Introduce generic failover module') (Vijay Balakrishna) [Orabug: 28953351]\n\n - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956547] (CVE-2018-7755) (CVE-2018-7755)\n\n - iov_iter: don't revert iov buffer if csum error (Ding Tianhong) [Orabug: 28960296]\n\n - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976583] (CVE-2017-17805)\n\n - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976653] (CVE-2017-17806)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-11T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0286)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17805", "CVE-2017-17806", "CVE-2018-10902", "CVE-2018-13094", "CVE-2018-18690", "CVE-2018-7755"], "modified": "2020-04-28T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0286.NASL", "href": "https://www.tenable.com/plugins/nessus/119566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0286.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119566);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/28\");\n\n script_cve_id(\"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2018-10902\", \"CVE-2018-13094\", \"CVE-2018-18690\", \"CVE-2018-7755\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0286)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - xfs: don't call xfs_da_shrink_inode with NULL bp (Eric\n Sandeen) [Orabug: 28898616] (CVE-2018-13094)\n\n - ALSA: rawmidi: Change resized buffers atomically\n (Takashi Iwai) [Orabug: 28898636] (CVE-2018-10902)\n\n - md/raid5: fix a race condition in stripe batch (Shaohua\n Li) [Orabug: 28917012]\n\n - xfs: don't fail when converting shortform attr to long\n form during ATTR_REPLACE (Darrick J. Wong) [Orabug:\n 28924091] (CVE-2018-18690)\n\n - certs: Add Oracle's new X509 cert into the kernel\n keyring (Eric Snowberg) [Orabug: 28926203]\n\n - block: fix bdi vs gendisk lifetime mismatch (Shan Hai)\n [Orabug: 28945039]\n\n - Add the following entries to\n 'uek-rpm/ol[67]/nano_modules.list':\n kernel/drivers/net/net_failover.ko\n kernel/net/core/failover.ko Fixes: b3bc7c163fc9 ('net:\n Introduce generic failover module') (Vijay Balakrishna)\n [Orabug: 28953351]\n\n - floppy: Do not copy a kernel pointer to user memory in\n FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956547]\n (CVE-2018-7755) (CVE-2018-7755)\n\n - iov_iter: don't revert iov buffer if csum error (Ding\n Tianhong) [Orabug: 28960296]\n\n - crypto: salsa20 - fix blkcipher_walk API usage (Eric\n Biggers) [Orabug: 28976583] (CVE-2017-17805)\n\n - crypto: hmac - require that the underlying hash\n algorithm is unkeyed (Eric Biggers) [Orabug: 28976653]\n (CVE-2017-17806)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-December/000921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9322ac99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.23.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.23.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:48:38", "description": "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3847-2.NASL", "href": "https://www.tenable.com/plugins/nessus/119828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3847-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3847-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3847-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3847-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1026-gcp\", pkgver:\"4.15.0-1026.27~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1031-aws\", pkgver:\"4.15.0-1031.33~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1036-azure\", pkgver:\"4.15.0-1036.38~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-43-generic\", pkgver:\"4.15.0-43.46~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-43-generic-lpae\", pkgver:\"4.15.0-43.46~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-43-lowlatency\", pkgver:\"4.15.0-43.46~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1031.32\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1036.41\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1026.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.43.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.43.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1026.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.43.64\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:23:57", "description": "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3847-3.NASL", "href": "https://www.tenable.com/plugins/nessus/119829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3847-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119829);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3847-3\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3847-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.15-azure and / or linux-image-azure\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3847-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.15.0-1036-azure\", pkgver:\"4.15.0-1036.38~14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1036.23\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-azure / linux-image-azure\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:47:32", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\n - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\n - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\n - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\n - CVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382).\n\n - Add azure kernel description.\n\n - Add bug reference to patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack\n -fix1.patch\n\n - Add graphviz to buildreq for image conversion\n\n - Add reference to bsc#1104124 to patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-cou nting-agai.patch\n\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).\n\n - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bnc#1012382).\n\n - apparmor: remove no-op permission check in policy_unpack (git-fixes).\n\n - ARC: build: Get rid of toolchain check (bnc#1012382).\n\n - ARC: clone syscall to setp r25 as thread pointer (bnc#1012382).\n\n - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382).\n\n - arch-symbols: use bash as interpreter since the script uses bashism.\n\n - arm64: cpufeature: Track 32bit EL0 support (bnc#1012382).\n\n - arm64: jump_label.h: use asm_volatile_goto macro instead of 'asm goto' (bnc#1012382).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bnc#1012382).\n\n - arm64: KVM: Tighten guest core register access from userspace (bnc#1012382).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bnc#1012382).\n\n - ARM: dts: dra7: fix DCAN node addresses (bnc#1012382).\n\n - ARM: mvebu: declare asm symbols as character arrays in pmsu.c (bnc#1012382).\n\n - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bnc#1012382).\n\n - ASoC: sigmadsp: safeload should not have lower byte limit (bnc#1012382).\n\n - ASoC: wm8804: Add ACPI support (bnc#1012382).\n\n - ath10k: fix scan crash due to incorrect length calculation (bnc#1012382).\n\n - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bnc#1012382).\n\n - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bnc#1012382).\n\n - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bnc#1012382).\n\n - bnxt_en: Fix TX timeout during netpoll (bnc#1012382).\n\n - bonding: avoid possible dead-lock (bnc#1012382).\n\n - bpf: fix cb access in socket filter programs on tail calls (bsc#1012382).\n\n - bpf: fix map not being uncharged during map creation failure (bsc#1012382).\n\n - bpf, s390: fix potential memleak when later bpf_jit_prog fails (git-fixes).\n\n - bpf, s390x: do not reload skb pointers in non-skb context (git-fixes).\n\n - bsc#1106913: Replace with upstream variants Delete patches.suse/11-x86-mm-only-set-ibpb-when-the-new-thread\n -cannot-ptrace-current-thread.patch.\n\n - bs-upload-kernel: do not set %opensuse_bs Since SLE15 it is not set in the distribution project so do not set it for kernel projects either.\n\n - btrfs: add a comp_refs() helper (dependency for bsc#1031392).\n\n - btrfs: add missing initialization in btrfs_check_shared (Git-fixes bsc#1112262).\n\n - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392).\n\n - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE (dependency for bsc#1031392).\n\n - btrfs: cleanup extent locking sequence (dependency for bsc#1031392).\n\n - btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (Follow up fixes for bsc#1031392).\n\n - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392).\n\n - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392).\n\n - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).\n\n - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).\n\n - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535).\n\n - Btrfs: fix invalid attempt to free reserved space on failure to cow range (dependency for bsc#1031392).\n\n - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919).\n\n - btrfs: Fix race condition between delayed refs and blockgroup removal (Git-fixes bsc#1112263).\n\n - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392).\n\n - Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist (dependency for bsc#1031392).\n\n - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392).\n\n - Btrfs: pass delayed_refs directly to btrfs_find_delayed_ref_head (dependency for bsc#1031392).\n\n - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392).\n\n - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392).\n\n - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392).\n\n - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392).\n\n - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392).\n\n - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392).\n\n - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392).\n\n - btrfs: qgroups: opencode qgroup_free helper (dependency for bsc#1031392).\n\n - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392).\n\n - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392).\n\n - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392).\n\n - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392).\n\n - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392).\n\n - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392).\n\n - Btrfs: rework outstanding_extents (dependency for bsc#1031392).\n\n - btrfs: switch args for comp_*_refs (dependency for bsc#1031392).\n\n - btrfs: Take trans lock before access running trans in check_delayed_ref (Follow up fixes for bsc#1031392).\n\n - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1112007).\n\n - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bnc#1012382).\n\n - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bnc#1012382).\n\n - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382).\n\n - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996).\n\n - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902).\n\n - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903).\n\n - cifs: read overflow in is_valid_oplock_break() (bnc#1012382).\n\n - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bnc#1012382).\n\n - config.sh: set BUGZILLA_PRODUCT for SLE12-SP3\n\n - crypto: mxs-dcp - Fix wait logic on chan threads (bnc#1012382).\n\n - crypto: skcipher - Fix -Wstringop-truncation warnings (bnc#1012382).\n\n - Define dependencies of in-kernel KMPs statically This allows us to use rpm's internal dependency generator (bsc#981083).\n\n - dm cache: fix resize crash if user does not reload cache table (bnc#1012382).\n\n - dm thin metadata: fix __udivdi3 undefined on 32-bit (bnc#1012382).\n\n - dm thin metadata: try to avoid ever aborting transactions (bnc#1012382).\n\n - Do not ship firmware (bsc#1054239). Pull firmware from kernel-firmware instead.\n\n - drivers/tty: add error handling for pcmcia_loop_config (bnc#1012382).\n\n - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bnc#1012382).\n\n - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bnc#1012382).\n\n - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1106929)\n\n - Drop dtb-source.spec and move the sources to kernel-source (bsc#1011920)\n\n - Drop multiversion(kernel) from the KMP template ()\n\n - e1000: check on netif_running() before calling e1000_up() (bnc#1012382).\n\n - e1000: ensure to free old tx/rx rings in set_ringparam() (bnc#1012382).\n\n - ebtables: arpreply: Add the standard target sanity check (bnc#1012382).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114648).\n\n - Enable kernel-obs-(build,qa) also in the vanilla branches\n\n - ethtool: restore erroneously removed break in dev_ethtool (bsc#1114229).\n\n - fbdev: fix broken menu dependencies (bsc#1106929)\n\n - fbdev/omapfb: fix omapfb_memory_read infoleak (bnc#1012382).\n\n - Fix file list to remove REPORTING-BUGS\n\n - Fix html and pdf creation in Documetation/media/*\n\n - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bnc#1012382).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bnc#1012382).\n\n - fs/cifs: suppress a string overflow warning (bnc#1012382).\n\n - gpio: adp5588: Fix sleep-in-atomic-context bug (bnc#1012382).\n\n - hexagon: modify ffs() and fls() to return int (bnc#1012382).\n\n - HID: hid-ntrig: add error handling for sysfs_create_group (bnc#1012382).\n\n - housekeeping: btrfs selftests: fold backport fix into backport patch\n\n - housekeeping: move btrfs patches to sorted section. No code changes.\n\n - hv: avoid crash in vmbus sysfs files (bnc#1108377).\n\n - hwmon: (adt7475) Make adt7475_read_word() return errors (bnc#1012382).\n\n - hwmon: (ina2xx) fix sysfs shunt resistor read access (bnc#1012382).\n\n - hwrng: core - document the quality field (git-fixes).\n\n - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bnc#1012382).\n\n - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bnc#1012382).\n\n - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bnc#1012382).\n\n - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bnc#1012382).\n\n - IB/srp: Avoid that sg_reset -d $(srp_device) triggers an infinite loop (bnc#1012382).\n\n - Input: atakbd - fix Atari CapsLock behaviour (bnc#1012382).\n\n - Input: atakbd - fix Atari keymap (bnc#1012382).\n\n - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bnc#1012382).\n\n - ip6_tunnel: be careful when accessing the inner header (bnc#1012382).\n\n - ip_tunnel: be careful when accessing the inner header (bnc#1012382).\n\n - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (bnc#1012382).\n\n - ixgbe: pci_set_drvdata must be called before register_netdev (Git-fixes bsc#1109923).\n\n - jffs2: return -ERANGE when xattr buffer is too small (bnc#1012382).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bnc#1012382).\n\n - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch (bnc#1012382).\n\n - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1106110).\n\n - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: fix a race between restart and CSA flows (bnc#1012382).\n\n - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bnc#1012382).\n\n - mac80211: Fix station bandwidth setting after channel switch (bnc#1012382).\n\n - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: mesh: fix HWMP sequence numbering to follow standard (bnc#1012382).\n\n - mac80211: shorten the IBSS debug messages (bnc#1012382).\n\n - mach64: detect the dot clock divider correctly on sparc (bnc#1012382).\n\n - md-cluster: clear another node's suspend_area after the copy is finished (bnc#1012382).\n\n - media: af9035: prevent buffer overflow on write (bnc#1012382).\n\n - media: exynos4-is: Prevent NULL pointer dereference in\n __isp_video_try_fmt() (bnc#1012382).\n\n - media: fsl-viu: fix error handling in viu_of_probe() (bnc#1012382).\n\n - media: omap3isp: zero-initialize the isp cam_xclk(a,b) initial data (bnc#1012382).\n\n - media: omap_vout: Fix a possible NULL pointer dereference in omap_vout_open() (bsc#1050431).\n\n - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bnc#1012382).\n\n - media: soc_camera: ov772x: correct setting of banding filter (bnc#1012382).\n\n - media: tm6000: add error handling for dvb_register_adapter (bnc#1012382).\n\n - media: uvcvideo: Support realtek's UVC 1.5 device (bnc#1012382).\n\n - media: v4l: event: Prevent freeing event subscriptions while accessed (bnc#1012382).\n\n - media: videobuf-dma-sg: Fix dma_(sync,unmap)_sg() calls (bsc#1050431).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: omap-usb-host: Fix dts probe of children (bnc#1012382).\n\n - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (bnc#1012382).\n\n - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).\n\n - mm/vmstat.c: fix outdated vmstat_text (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (git fixes).\n\n - module: exclude SHN_UNDEF symbols from kallsyms api (bnc#1012382).\n\n - move changes without Git-commit out of sorted section\n\n - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() (bnc#1012382).\n\n - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES (bnc#1012382).\n\n - net: ipv4: update fnhe_pmtu when first hop's MTU changes (bnc#1012382).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (bnc#1012382).\n\n - netlabel: check for IPV4MASK in addrinfo_get (bnc#1012382).\n\n - net: macb: disable scatter-gather for macb on sama5d3 (bnc#1012382).\n\n - net/mlx4: Use cpumask_available for eq->affinity_mask (bnc#1012382).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (bnc#1012382).\n\n - net: systemport: Fix wake-up interrupt race during resume (bnc#1012382).\n\n - net/usb: cancel pending work when unbinding smsc75xx (bnc#1012382).\n\n - NFS: add nostatflush mount option (bsc#1065726).\n\n - NFS: Avoid quadratic search when freeing delegations (bsc#1084760).\n\n - nfsd: fix corrupted reply to badly ordered compound (bnc#1012382).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bnc#1012382).\n\n - of: unittest: Disable interrupt node tests for old world MAC systems (bnc#1012382).\n\n - ovl: Copy inode attributes after setting xattr (bsc#1107299).\n\n - Pass x86 as architecture on x86_64 and i386 (bsc#1093118).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: Reprogram bridge prefetch registers on resume (bnc#1012382).\n\n - perf probe powerpc: Ignore SyS symbols irrespective of endianness (bnc#1012382).\n\n - perf script python: Fix export-to-postgresql.py occasional failure (bnc#1012382).\n\n - PM / core: Clear the direct_complete flag on errors (bnc#1012382).\n\n - powerpc/kdump: Handle crashkernel memory reservation failure (bnc#1012382).\n\n - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).\n\n - powerpc/perf/hv-24x7: Fix passing of catalog version number (bsc#1053043).\n\n - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes).\n\n - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).\n\n - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158).\n\n - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158).\n\n - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158).\n\n - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870).\n\n - power: vexpress: fix corruption in notifier registration (bnc#1012382).\n\n - proc: restrict kernel stack dumps to root (bnc#1012382).\n\n - qlcnic: fix Tx descriptor corruption on 82xx devices (bnc#1012382).\n\n - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bnc#1012382).\n\n - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (bnc#1012382).\n\n - rculist: add list_for_each_entry_from_rcu() (bsc#1084760).\n\n - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760).\n\n - RDMA/ucma: check fd type in ucma_migrate_id() (bnc#1012382).\n\n - README: Clean-up trailing whitespace\n\n - reiserfs: add check to detect corrupted directory entry (bsc#1109818).\n\n - reiserfs: do not panic on bad directory entries (bsc#1109818).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114648).\n\n - Revert 'btrfs: qgroups: Retry after commit on getting EDQUOT' (bsc#1031392).\n\n - Revert 'drm: Do not pass negative delta to ktime_sub_ns()' (bsc#1106929)\n\n - Revert 'drm/i915: Initialize HWS page address after GPU reset' (bsc#1106929)\n\n - Revert 'KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch' (kabi).\n\n - Revert 'media: v4l: event: Prevent freeing event subscriptions while accessed' (kabi).\n\n - Revert 'proc: restrict kernel stack dumps to root' (kabi).\n\n - Revert 'rpm/constraints.in: Lower default disk space requirement from 25G to 24G' This reverts commit 406abda1467c038842febffe264faae1fa2e3c1d. ok, did not wait long enough to see the failure.\n\n - Revert 'Skip intel_crt_init for Dell XPS 8700' (bsc#1106929)\n\n - Revert 'tcp: add tcp_ooo_try_coalesce() helper' (kabi).\n\n - Revert 'tcp: call tcp_drop() from tcp_data_queue_ofo()' (kabi).\n\n - Revert 'tcp: fix a stale ooo_last_skb after a replace' (kabi).\n\n - Revert 'tcp: free batches of packets in tcp_prune_ofo_queue()' (kabi).\n\n - Revert 'tcp: use an RB tree for ooo receive queue' (kabi).\n\n - Revert 'usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()' (bnc#1012382).\n\n - Revert 'x86/fpu: Finish excising 'eagerfpu'' (kabi).\n\n - Revert 'x86/fpu: Remove struct fpu::counter' (kabi).\n\n - Revert 'x86/fpu: Remove use_eager_fpu()' (kabi).\n\n - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bnc#1012382).\n\n - rpm/apply-patches: Fix failure if there are no vanilla patches The grep command returns 1 if there are no patches and we are using pipefail.\n\n - rpm/constraints.in: build ARM on at least 2 cpus\n\n - rpm/constraints.in: Lower default disk space requirement from 25G to 24G 25G is rejected by the build service on ARM.\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (bnc#1012382).\n\n - s390/chsc: Add exception handler for CHSC instruction (git-fixes).\n\n - s390/extmem: fix gcc 8 stringop-overflow warning (bnc#1012382).\n\n - s390/kdump: Fix elfcorehdr size calculation (git-fixes).\n\n - s390/kdump: Make elfcorehdr size calculation ABI compliant (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: do not dump past end of unknown HW header (bnc#1012382).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - s390/stacktrace: fix address ranges for asynchronous and panic stack (git-fixes).\n\n - scsi: bnx2i: add error handling for ioremap_nocache (bnc#1012382).\n\n - scsi: ibmvscsi: Improve strings handling (bnc#1012382).\n\n - scsi: klist: Make it safe to use klists in atomic context (bnc#1012382).\n\n - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size (bnc#1012382).\n\n - selftests/efivarfs: add required kernel configs (bnc#1012382).\n\n - serial: cpm_uart: return immediately from console poll (bnc#1012382).\n\n - serial: imx: restore handshaking irq for imx1 (bnc#1012382).\n\n - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).\n\n - slub: make ->cpu_partial unsigned int (bnc#1012382).\n\n - smb2: fix missing files in root share directory listing (bnc#1012382).\n\n - smb3: fill in statfs fsid and correct namelen (bsc#1112905).\n\n - sound: enable interrupt after dma buffer initialization (bnc#1012382).\n\n - spi: rspi: Fix interrupted DMA transfers (bnc#1012382).\n\n - spi: rspi: Fix invalid SPI use during system suspend (bnc#1012382).\n\n - spi: sh-msiof: Fix handling of write value for SISTR register (bnc#1012382).\n\n - spi: sh-msiof: Fix invalid SPI use during system suspend (bnc#1012382).\n\n - spi: tegra20-slink: explicitly enable/disable clock (bnc#1012382).\n\n - staging: android: ashmem: Fix mmap size validation (bnc#1012382).\n\n - staging: rts5208: fix missing error check on call to rtsx_write_register (bnc#1012382).\n\n - stmmac: fix valid numbers of unicast filter entries (bnc#1012382).\n\n - target: log Data-Out timeouts as errors (bsc#1095805).\n\n - target: log NOP ping timeouts as errors (bsc#1095805).\n\n - target: split out helper for cxn timeout error stashing (bsc#1095805).\n\n - target: stash sess_err_stats on Data-Out timeout (bsc#1095805).\n\n - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).\n\n - tcp: add tcp_ooo_try_coalesce() helper (bnc#1012382).\n\n - tcp: call tcp_drop() from tcp_data_queue_ofo() (bnc#1012382).\n\n - tcp: fix a stale ooo_last_skb after a replace (bnc#1012382).\n\n - tcp: free batches of packets in tcp_prune_ofo_queue() (bnc#1012382).\n\n - tcp: increment sk_drops for dropped rx packets (bnc#1012382).\n\n - tcp: use an RB tree for ooo receive queue (bnc#1012382).\n\n - team: Forbid enslaving team device to itself (bnc#1012382).\n\n - thermal: of-thermal: disable passive polling when thermal zone is disabled (bnc#1012382).\n\n - tools/vm/page-types.c: fix 'defined but not used' warning (bnc#1012382).\n\n - tools/vm/slabinfo.c: fix sign-compare warning (bnc#1012382).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1020645, git-fixes).\n\n - tsl2550: fix lux1_input error in low light (bnc#1012382).\n\n - ubifs: Check for name being NULL while mounting (bnc#1012382).\n\n - ucma: fix a use-after-free in ucma_resolve_ip() (bnc#1012382).\n\n - USB: fix error handling in usb_driver_claim_interface() (bnc#1012382).\n\n - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bnc#1012382).\n\n - usb: gadget: serial: fix oops when data rx'd after close (bnc#1012382).\n\n - USB: handle NULL config in usb_find_alt_setting() (bnc#1012382).\n\n - USB: remove LPM management from usb_driver_claim_interface() (bnc#1012382).\n\n - USB: serial: kobil_sct: fix modem-status error handling (bnc#1012382).\n\n - USB: serial: simple: add Motorola Tetra MTP6550 id (bnc#1012382).\n\n - USB: usbdevfs: restore warning for nonsensical flags (bnc#1012382).\n\n - USB: usbdevfs: sanitize flags more (bnc#1012382).\n\n - usb: wusbcore: security: cast sizeof to int for comparison (bnc#1012382).\n\n - USB: yurex: Check for truncation in yurex_read() (bnc#1012382).\n\n - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available.\n SLE11 has make 3.81 so it is required to include make 4 in the kernel OBS projects to take advantege of this.\n\n - Use upstream version of pci-hyperv change 35a88a18d7\n\n - uwb: hwa-rc: fix memory leak at probe (bnc#1012382).\n\n - vmci: type promotion bug in qp_host_get_user_memory() (bnc#1012382).\n\n - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bnc#1012382).\n\n - wlcore: Fix memory leak in wlcore_cmd_wait_for_event_or_timeout (git-fixes).\n\n - x86/cpufeature: deduplicate X86_FEATURE_L1TF_PTEINV (kabi).\n\n - x86/entry/64: Add two more instruction suffixes (bnc#1012382).\n\n - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931).\n\n - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931).\n\n - x86/fpu: Finish excising 'eagerfpu' (bnc#1012382).\n\n - x86/fpu: Remove second definition of fpu in\n __fpu__restore_sig() (bsc#1110006).\n\n - x86/fpu: Remove struct fpu::counter (bnc#1012382).\n\n - x86/fpu: Remove use_eager_fpu() (bnc#1012382).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114648).\n\n - x86/numa_emulation: Fix emulated-to-physical node mapping (bnc#1012382).\n\n - x86/paravirt: Fix some warning messages (bnc#1065600).\n\n - x86/percpu: Fix this_cpu_read() (bsc#1110006).\n\n - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555).\n\n - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913, bsc#1111516).\n\n - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n\n - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n\n - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n\n - x86/time: Correct the attribute on jiffies' definition (bsc#1110006).\n\n - x86/tsc: Add missing header to tsc_msr.c (bnc#1012382).\n\n - xen: avoid crash in disable_hotplug_cpu (bnc#1012382 bsc#1106594 bsc#1042422).\n\n - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (bnc#1012382).\n\n - xen/manage: do not complain about an empty value in control/sysrq node (bnc#1012382).\n\n - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bnc#1012382).\n\n - xhci: Do not print a warning when setting link state for disabled ports (bnc#1012382).\n\n - rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES (bsc#1115587) The export line was accidentally dropped at merging scripts branch, which resulted in the invalid module signature.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10940", "CVE-2018-16658", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-9516"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/119077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1427.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119077);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10940\", \"CVE-2018-16658\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-9516\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)\");\n script_summary(english:\"Check for the openSUSE-2018-1427 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\n - CVE-2018-18710: An information leak in\n cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could\n be used by local attackers to read kernel memory because\n a cast from unsigned long to int interferes with bounds\n checking. This is similar to CVE-2018-10940 and\n CVE-2018-16658 (bnc#1113751).\n\n - CVE-2018-18690: A local attacker able to set attributes\n on an xfs filesystem could make this filesystem\n non-operational until the next mount by triggering an\n unchecked error condition during an xfs attribute\n change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE\n operations with conversion of an attr from short to long\n form (bnc#1105025).\n\n - CVE-2018-18386: drivers/tty/n_tty.c allowed local\n attackers (who are able to access pseudo terminals) to\n hang/block further usage of any pseudo terminal devices\n due to an EXTPROC versus ICANON confusion in TIOCINQ\n (bnc#1094825).\n\n - CVE-2018-9516: A lack of certain checks in the\n hid_debug_events_read() function in the\n drivers/hid/hid-debug.c file might have resulted in\n receiving userspace buffer overflow and an out-of-bounds\n write or to the infinite loop. (bnc#1108498).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix\n panic (bnc#1012382).\n\n - Add azure kernel description.\n\n - Add bug reference to\n patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack\n -fix1.patch\n\n - Add graphviz to buildreq for image conversion\n\n - Add reference to bsc#1104124 to\n patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-cou\n nting-agai.patch\n\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge\n (bnc#1012382).\n\n - ALSA: hda/realtek - Cannot adjust speaker's volume on\n Dell XPS 27 7760 (bnc#1012382).\n\n - apparmor: remove no-op permission check in policy_unpack\n (git-fixes).\n\n - ARC: build: Get rid of toolchain check (bnc#1012382).\n\n - ARC: clone syscall to setp r25 as thread pointer\n (bnc#1012382).\n\n - arch/hexagon: fix kernel/dma.c build warning\n (bnc#1012382).\n\n - arch-symbols: use bash as interpreter since the script\n uses bashism.\n\n - arm64: cpufeature: Track 32bit EL0 support\n (bnc#1012382).\n\n - arm64: jump_label.h: use asm_volatile_goto macro instead\n of 'asm goto' (bnc#1012382).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bnc#1012382).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bnc#1012382).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bnc#1012382).\n\n - ARM: dts: dra7: fix DCAN node addresses (bnc#1012382).\n\n - ARM: mvebu: declare asm symbols as character arrays in\n pmsu.c (bnc#1012382).\n\n - ASoC: dapm: Fix potential DAI widget pointer deref when\n linking DAIs (bnc#1012382).\n\n - ASoC: sigmadsp: safeload should not have lower byte\n limit (bnc#1012382).\n\n - ASoC: wm8804: Add ACPI support (bnc#1012382).\n\n - ath10k: fix scan crash due to incorrect length\n calculation (bnc#1012382).\n\n - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait\n (bnc#1012382).\n\n - ath10k: protect ath10k_htt_rx_ring_free with\n rx_ring.lock (bnc#1012382).\n\n - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009\n (bnc#1012382).\n\n - bnxt_en: Fix TX timeout during netpoll (bnc#1012382).\n\n - bonding: avoid possible dead-lock (bnc#1012382).\n\n - bpf: fix cb access in socket filter programs on tail\n calls (bsc#1012382).\n\n - bpf: fix map not being uncharged during map creation\n failure (bsc#1012382).\n\n - bpf, s390: fix potential memleak when later bpf_jit_prog\n fails (git-fixes).\n\n - bpf, s390x: do not reload skb pointers in non-skb\n context (git-fixes).\n\n - bsc#1106913: Replace with upstream variants Delete\n patches.suse/11-x86-mm-only-set-ibpb-when-the-new-thread\n -cannot-ptrace-current-thread.patch.\n\n - bs-upload-kernel: do not set %opensuse_bs Since SLE15 it\n is not set in the distribution project so do not set it\n for kernel projects either.\n\n - btrfs: add a comp_refs() helper (dependency for\n bsc#1031392).\n\n - btrfs: add missing initialization in btrfs_check_shared\n (Git-fixes bsc#1112262).\n\n - btrfs: add tracepoints for outstanding extents mods\n (dependency for bsc#1031392).\n\n - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE\n (dependency for bsc#1031392).\n\n - btrfs: cleanup extent locking sequence (dependency for\n bsc#1031392).\n\n - btrfs: defrag: use btrfs_mod_outstanding_extents in\n cluster_pages_for_defrag (Follow up fixes for\n bsc#1031392).\n\n - btrfs: delayed-inode: Remove wrong qgroup meta\n reservation calls (bsc#1031392).\n\n - btrfs: delayed-inode: Use new qgroup meta rsv for\n delayed inode and item (bsc#1031392).\n\n - btrfs: Enhance btrfs_trim_fs function to handle error\n better (Dependency for bsc#1113667).\n\n - btrfs: Ensure btrfs_trim_fs can trim the whole\n filesystem (bsc#1113667).\n\n - btrfs: fix error handling in btrfs_dev_replace_start\n (bsc#1107535).\n\n - Btrfs: fix invalid attempt to free reserved space on\n failure to cow range (dependency for bsc#1031392).\n\n - btrfs: fix missing error return in btrfs_drop_snapshot\n (Git-fixes bsc#1109919).\n\n - btrfs: Fix race condition between delayed refs and\n blockgroup removal (Git-fixes bsc#1112263).\n\n - btrfs: Fix wrong btrfs_delalloc_release_extents\n parameter (bsc#1031392).\n\n - Btrfs: kill trans in run_delalloc_nocow and\n btrfs_cross_ref_exist (dependency for bsc#1031392).\n\n - btrfs: make the delalloc block rsv per inode (dependency\n for bsc#1031392).\n\n - Btrfs: pass delayed_refs directly to\n btrfs_find_delayed_ref_head (dependency for\n bsc#1031392).\n\n - btrfs: qgroup: Add quick exit for non-fs extents\n (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup\n btrfs_qgroup_prepare_account_extents function\n (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup the remaining old reservation\n counters (bsc#1031392).\n\n - btrfs: qgroup: Commit transaction in advance to reduce\n early EDQUOT (bsc#1031392).\n\n - btrfs: qgroup: Do not use root->qgroup_meta_rsv for\n qgroup (bsc#1031392).\n\n - btrfs: qgroup: Fix wrong qgroup reservation update for\n relationship modification (bsc#1031392).\n\n - btrfs: qgroup: Introduce function to convert\n META_PREALLOC into META_PERTRANS (bsc#1031392).\n\n - btrfs: qgroup: Introduce helpers to update and access\n new qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Make qgroup_reserve and its callers to\n use separate reservation type (bsc#1031392).\n\n - btrfs: qgroup: Skeleton to support separate qgroup\n reservation type (bsc#1031392).\n\n - btrfs: qgroups: opencode qgroup_free helper (dependency\n for bsc#1031392).\n\n - btrfs: qgroup: Split meta rsv type into meta_prealloc\n and meta_pertrans (bsc#1031392).\n\n - btrfs: qgroup: Update trace events for metadata\n reservation (bsc#1031392).\n\n - btrfs: qgroup: Update trace events to use new separate\n rsv types (bsc#1031392).\n\n - btrfs: qgroup: Use independent and accurate per inode\n qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record\n qgroup meta reserved space (bsc#1031392).\n\n - btrfs: qgroup: Use separate meta reservation type for\n delalloc (bsc#1031392).\n\n - btrfs: remove type argument from comp_tree_refs\n (dependency for bsc#1031392).\n\n - Btrfs: rework outstanding_extents (dependency for\n bsc#1031392).\n\n - btrfs: switch args for comp_*_refs (dependency for\n bsc#1031392).\n\n - btrfs: Take trans lock before access running trans in\n check_delayed_ref (Follow up fixes for bsc#1031392).\n\n - ceph: avoid a use-after-free in ceph_destroy_options()\n (bsc#1112007).\n\n - cfg80211: fix a type issue in\n ieee80211_chandef_to_operating_class() (bnc#1012382).\n\n - cfg80211: nl80211_update_ft_ies() to validate\n NL80211_ATTR_IE (bnc#1012382).\n\n - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382).\n\n - cgroup, netclassid: add a preemption point to\n write_classid (bnc#1098996).\n\n - CIFS: check for STATUS_USER_SESSION_DELETED\n (bsc#1112902).\n\n - cifs: connect to servername instead of IP for IPC$ share\n (bsc#1106359).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903).\n\n - cifs: read overflow in is_valid_oplock_break()\n (bnc#1012382).\n\n - clocksource/drivers/ti-32k: Add\n CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs\n (bnc#1012382).\n\n - config.sh: set BUGZILLA_PRODUCT for SLE12-SP3\n\n - crypto: mxs-dcp - Fix wait logic on chan threads\n (bnc#1012382).\n\n - crypto: skcipher - Fix -Wstringop-truncation warnings\n (bnc#1012382).\n\n - Define dependencies of in-kernel KMPs statically This\n allows us to use rpm's internal dependency generator\n (bsc#981083).\n\n - dm cache: fix resize crash if user does not reload cache\n table (bnc#1012382).\n\n - dm thin metadata: fix __udivdi3 undefined on 32-bit\n (bnc#1012382).\n\n - dm thin metadata: try to avoid ever aborting\n transactions (bnc#1012382).\n\n - Do not ship firmware (bsc#1054239). Pull firmware from\n kernel-firmware instead.\n\n - drivers/tty: add error handling for pcmcia_loop_config\n (bnc#1012382).\n\n - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7\n (bnc#1012382).\n\n - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is\n missing from VBIOS (bnc#1012382).\n\n - drm/virtio: fix bounds check in\n virtio_gpu_cmd_get_capset() (bsc#1106929)\n\n - Drop dtb-source.spec and move the sources to\n kernel-source (bsc#1011920)\n\n - Drop multiversion(kernel) from the KMP template ()\n\n - e1000: check on netif_running() before calling\n e1000_up() (bnc#1012382).\n\n - e1000: ensure to free old tx/rx rings in set_ringparam()\n (bnc#1012382).\n\n - ebtables: arpreply: Add the standard target sanity check\n (bnc#1012382).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114648).\n\n - Enable kernel-obs-(build,qa) also in the vanilla\n branches\n\n - ethtool: restore erroneously removed break in\n dev_ethtool (bsc#1114229).\n\n - fbdev: fix broken menu dependencies (bsc#1106929)\n\n - fbdev/omapfb: fix omapfb_memory_read infoleak\n (bnc#1012382).\n\n - Fix file list to remove REPORTING-BUGS\n\n - Fix html and pdf creation in Documetation/media/*\n\n - floppy: Do not copy a kernel pointer to user memory in\n FDGETPRM ioctl (bnc#1012382).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to\n backslash (bnc#1012382).\n\n - fs/cifs: suppress a string overflow warning\n (bnc#1012382).\n\n - gpio: adp5588: Fix sleep-in-atomic-context bug\n (bnc#1012382).\n\n - hexagon: modify ffs() and fls() to return int\n (bnc#1012382).\n\n - HID: hid-ntrig: add error handling for\n sysfs_create_group (bnc#1012382).\n\n - housekeeping: btrfs selftests: fold backport fix into\n backport patch\n\n - housekeeping: move btrfs patches to sorted section. No\n code changes.\n\n - hv: avoid crash in vmbus sysfs files (bnc#1108377).\n\n - hwmon: (adt7475) Make adt7475_read_word() return errors\n (bnc#1012382).\n\n - hwmon: (ina2xx) fix sysfs shunt resistor read access\n (bnc#1012382).\n\n - hwrng: core - document the quality field (git-fixes).\n\n - i2c: i2c-scmi: fix for i2c_smbus_write_block_data\n (bnc#1012382).\n\n - i2c: i801: Allow ACPI AML access I/O ports not reserved\n for SMBus (bnc#1012382).\n\n - i2c: uniphier-f: issue STOP only for last message or\n I2C_M_STOP (bnc#1012382).\n\n - i2c: uniphier: issue STOP only for last message or\n I2C_M_STOP (bnc#1012382).\n\n - IB/srp: Avoid that sg_reset -d $(srp_device) triggers an\n infinite loop (bnc#1012382).\n\n - Input: atakbd - fix Atari CapsLock behaviour\n (bnc#1012382).\n\n - Input: atakbd - fix Atari keymap (bnc#1012382).\n\n - Input: elantech - enable middle button of touchpad on\n ThinkPad P72 (bnc#1012382).\n\n - ip6_tunnel: be careful when accessing the inner header\n (bnc#1012382).\n\n - ip_tunnel: be careful when accessing the inner header\n (bnc#1012382).\n\n - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()\n (bnc#1012382).\n\n - ixgbe: pci_set_drvdata must be called before\n register_netdev (Git-fixes bsc#1109923).\n\n - jffs2: return -ERANGE when xattr buffer is too small\n (bnc#1012382).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bnc#1012382).\n\n - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch\n (bnc#1012382).\n\n - lib/test_hexdump.c: fix failure on big endian cpu\n (bsc#1106110).\n\n - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X\n (bnc#1012382).\n\n - mac80211: fix a race between restart and CSA flows\n (bnc#1012382).\n\n - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP\n mode keys (bnc#1012382).\n\n - mac80211: Fix station bandwidth setting after channel\n switch (bnc#1012382).\n\n - mac80211_hwsim: correct use of\n IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: mesh: fix HWMP sequence numbering to follow\n standard (bnc#1012382).\n\n - mac80211: shorten the IBSS debug messages (bnc#1012382).\n\n - mach64: detect the dot clock divider correctly on sparc\n (bnc#1012382).\n\n - md-cluster: clear another node's suspend_area after the\n copy is finished (bnc#1012382).\n\n - media: af9035: prevent buffer overflow on write\n (bnc#1012382).\n\n - media: exynos4-is: Prevent NULL pointer dereference in\n __isp_video_try_fmt() (bnc#1012382).\n\n - media: fsl-viu: fix error handling in viu_of_probe()\n (bnc#1012382).\n\n - media: omap3isp: zero-initialize the isp cam_xclk(a,b)\n initial data (bnc#1012382).\n\n - media: omap_vout: Fix a possible NULL pointer\n dereference in omap_vout_open() (bsc#1050431).\n\n - media: s3c-camif: ignore -ENOIOCTLCMD from\n v4l2_subdev_call for s_power (bnc#1012382).\n\n - media: soc_camera: ov772x: correct setting of banding\n filter (bnc#1012382).\n\n - media: tm6000: add error handling for\n dvb_register_adapter (bnc#1012382).\n\n - media: uvcvideo: Support realtek's UVC 1.5 device\n (bnc#1012382).\n\n - media: v4l: event: Prevent freeing event subscriptions\n while accessed (bnc#1012382).\n\n - media: videobuf-dma-sg: Fix dma_(sync,unmap)_sg() calls\n (bsc#1050431).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bnc#1012382).\n\n - mm: madvise(MADV_DODUMP): allow hugetlbfs pages\n (bnc#1012382).\n\n - mm: /proc/pid/pagemap: hide swap entries from\n unprivileged users (Git-fixes bsc#1109907).\n\n - mm/vmstat.c: fix outdated vmstat_text (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly\n (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (git\n fixes).\n\n - module: exclude SHN_UNDEF symbols from kallsyms api\n (bnc#1012382).\n\n - move changes without Git-commit out of sorted section\n\n - net: cadence: Fix a sleep-in-atomic-context bug in\n macb_halt_tx() (bnc#1012382).\n\n - net: hns: fix length and page_offset overflow when\n CONFIG_ARM64_64K_PAGES (bnc#1012382).\n\n - net: ipv4: update fnhe_pmtu when first hop's MTU changes\n (bnc#1012382).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (bnc#1012382).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (bnc#1012382).\n\n - net: macb: disable scatter-gather for macb on sama5d3\n (bnc#1012382).\n\n - net/mlx4: Use cpumask_available for eq->affinity_mask\n (bnc#1012382).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (bnc#1012382).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (bnc#1012382).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (bnc#1012382).\n\n - NFS: add nostatflush mount option (bsc#1065726).\n\n - NFS: Avoid quadratic search when freeing delegations\n (bsc#1084760).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (bnc#1012382).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bnc#1012382).\n\n - of: unittest: Disable interrupt node tests for old world\n MAC systems (bnc#1012382).\n\n - ovl: Copy inode attributes after setting xattr\n (bsc#1107299).\n\n - Pass x86 as architecture on x86_64 and i386\n (bsc#1093118).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: Reprogram bridge prefetch registers on resume\n (bnc#1012382).\n\n - perf probe powerpc: Ignore SyS symbols irrespective of\n endianness (bnc#1012382).\n\n - perf script python: Fix export-to-postgresql.py\n occasional failure (bnc#1012382).\n\n - PM / core: Clear the direct_complete flag on errors\n (bnc#1012382).\n\n - powerpc/kdump: Handle crashkernel memory reservation\n failure (bnc#1012382).\n\n - powerpc/numa: Skip onlining a offline node in kdump path\n (bsc#1109784).\n\n - powerpc/perf/hv-24x7: Fix passing of catalog version\n number (bsc#1053043).\n\n - powerpc/pseries: Fix build break for SPLPAR=n and CPU\n hotplug (bsc#1079524, git-fixes).\n\n - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906,\n git-fixes).\n\n - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158).\n\n - powerpc/pseries/mm: factorize PTE slot computation\n (bsc#1109158).\n\n - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE\n (bsc#1109158).\n\n - powerpc/rtas: Fix a potential race between CPU-Offline &\n Migration (bsc#1111870).\n\n - power: vexpress: fix corruption in notifier registration\n (bnc#1012382).\n\n - proc: restrict kernel stack dumps to root (bnc#1012382).\n\n - qlcnic: fix Tx descriptor corruption on 82xx devices\n (bnc#1012382).\n\n - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing\n RTL_FLAG_TASK_ENABLED (bnc#1012382).\n\n - RAID10 BUG_ON in raise_barrier when force is true and\n conf->barrier is 0 (bnc#1012382).\n\n - rculist: add list_for_each_entry_from_rcu()\n (bsc#1084760).\n\n - rculist: Improve documentation for\n list_for_each_entry_from_rcu() (bsc#1084760).\n\n - RDMA/ucma: check fd type in ucma_migrate_id()\n (bnc#1012382).\n\n - README: Clean-up trailing whitespace\n\n - reiserfs: add check to detect corrupted directory entry\n (bsc#1109818).\n\n - reiserfs: do not panic on bad directory entries\n (bsc#1109818).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114648).\n\n - Revert 'btrfs: qgroups: Retry after commit on getting\n EDQUOT' (bsc#1031392).\n\n - Revert 'drm: Do not pass negative delta to\n ktime_sub_ns()' (bsc#1106929)\n\n - Revert 'drm/i915: Initialize HWS page address after GPU\n reset' (bsc#1106929)\n\n - Revert 'KVM: x86: remove eager_fpu field of struct\n kvm_vcpu_arch' (kabi).\n\n - Revert 'media: v4l: event: Prevent freeing event\n subscriptions while accessed' (kabi).\n\n - Revert 'proc: restrict kernel stack dumps to root'\n (kabi).\n\n - Revert 'rpm/constraints.in: Lower default disk space\n requirement from 25G to 24G' This reverts commit\n 406abda1467c038842febffe264faae1fa2e3c1d. ok, did not\n wait long enough to see the failure.\n\n - Revert 'Skip intel_crt_init for Dell XPS 8700'\n (bsc#1106929)\n\n - Revert 'tcp: add tcp_ooo_try_coalesce() helper' (kabi).\n\n - Revert 'tcp: call tcp_drop() from tcp_data_queue_ofo()'\n (kabi).\n\n - Revert 'tcp: fix a stale ooo_last_skb after a replace'\n (kabi).\n\n - Revert 'tcp: free batches of packets in\n tcp_prune_ofo_queue()' (kabi).\n\n - Revert 'tcp: use an RB tree for ooo receive queue'\n (kabi).\n\n - Revert 'usb: cdc-wdm: Fix a sleep-in-atomic-context bug\n in service_outstanding_interrupt()' (bnc#1012382).\n\n - Revert 'x86/fpu: Finish excising 'eagerfpu'' (kabi).\n\n - Revert 'x86/fpu: Remove struct fpu::counter' (kabi).\n\n - Revert 'x86/fpu: Remove use_eager_fpu()' (kabi).\n\n - rndis_wlan: potential buffer overflow in\n rndis_wlan_auth_indication() (bnc#1012382).\n\n - rpm/apply-patches: Fix failure if there are no vanilla\n patches The grep command returns 1 if there are no\n patches and we are using pipefail.\n\n - rpm/constraints.in: build ARM on at least 2 cpus\n\n - rpm/constraints.in: Lower default disk space requirement\n from 25G to 24G 25G is rejected by the build service on\n ARM.\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (bnc#1012382).\n\n - s390/chsc: Add exception handler for CHSC instruction\n (git-fixes).\n\n - s390/extmem: fix gcc 8 stringop-overflow warning\n (bnc#1012382).\n\n - s390/kdump: Fix elfcorehdr size calculation (git-fixes).\n\n - s390/kdump: Make elfcorehdr size calculation ABI\n compliant (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: do not dump past end of unknown HW header\n (bnc#1012382).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - s390/stacktrace: fix address ranges for asynchronous and\n panic stack (git-fixes).\n\n - scsi: bnx2i: add error handling for ioremap_nocache\n (bnc#1012382).\n\n - scsi: ibmvscsi: Improve strings handling (bnc#1012382).\n\n - scsi: klist: Make it safe to use klists in atomic\n context (bnc#1012382).\n\n - scsi: target/iscsi: Make iscsit_ta_authentication()\n respect the output buffer size (bnc#1012382).\n\n - selftests/efivarfs: add required kernel configs\n (bnc#1012382).\n\n - serial: cpm_uart: return immediately from console poll\n (bnc#1012382).\n\n - serial: imx: restore handshaking irq for imx1\n (bnc#1012382).\n\n - signal: Properly deliver SIGSEGV from x86 uprobes\n (bsc#1110006).\n\n - slub: make ->cpu_partial unsigned int (bnc#1012382).\n\n - smb2: fix missing files in root share directory listing\n (bnc#1012382).\n\n - smb3: fill in statfs fsid and correct namelen\n (bsc#1112905).\n\n - sound: enable interrupt after dma buffer initialization\n (bnc#1012382).\n\n - spi: rspi: Fix interrupted DMA transfers (bnc#1012382).\n\n - spi: rspi: Fix invalid SPI use during system suspend\n (bnc#1012382).\n\n - spi: sh-msiof: Fix handling of write value for SISTR\n register (bnc#1012382).\n\n - spi: sh-msiof: Fix invalid SPI use during system suspend\n (bnc#1012382).\n\n - spi: tegra20-slink: explicitly enable/disable clock\n (bnc#1012382).\n\n - staging: android: ashmem: Fix mmap size validation\n (bnc#1012382).\n\n - staging: rts5208: fix missing error check on call to\n rtsx_write_register (bnc#1012382).\n\n - stmmac: fix valid numbers of unicast filter entries\n (bnc#1012382).\n\n - target: log Data-Out timeouts as errors (bsc#1095805).\n\n - target: log NOP ping timeouts as errors (bsc#1095805).\n\n - target: split out helper for cxn timeout error stashing\n (bsc#1095805).\n\n - target: stash sess_err_stats on Data-Out timeout\n (bsc#1095805).\n\n - target: use ISCSI_IQN_LEN in iscsi_target_stat\n (bsc#1095805).\n\n - tcp: add tcp_ooo_try_coalesce() helper (bnc#1012382).\n\n - tcp: call tcp_drop() from tcp_data_queue_ofo()\n (bnc#1012382).\n\n - tcp: fix a stale ooo_last_skb after a replace\n (bnc#1012382).\n\n - tcp: free batches of packets in tcp_prune_ofo_queue()\n (bnc#1012382).\n\n - tcp: increment sk_drops for dropped rx packets\n (bnc#1012382).\n\n - tcp: use an RB tree for ooo receive queue (bnc#1012382).\n\n - team: Forbid enslaving team device to itself\n (bnc#1012382).\n\n - thermal: of-thermal: disable passive polling when\n thermal zone is disabled (bnc#1012382).\n\n - tools/vm/page-types.c: fix 'defined but not used'\n warning (bnc#1012382).\n\n - tools/vm/slabinfo.c: fix sign-compare warning\n (bnc#1012382).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1020645, git-fixes).\n\n - tsl2550: fix lux1_input error in low light\n (bnc#1012382).\n\n - ubifs: Check for name being NULL while mounting\n (bnc#1012382).\n\n - ucma: fix a use-after-free in ucma_resolve_ip()\n (bnc#1012382).\n\n - USB: fix error handling in usb_driver_claim_interface()\n (bnc#1012382).\n\n - usb: gadget: fotg210-udc: Fix memory leak of\n fotg210->ep[i] (bnc#1012382).\n\n - usb: gadget: serial: fix oops when data rx'd after close\n (bnc#1012382).\n\n - USB: handle NULL config in usb_find_alt_setting()\n (bnc#1012382).\n\n - USB: remove LPM management from\n usb_driver_claim_interface() (bnc#1012382).\n\n - USB: serial: kobil_sct: fix modem-status error handling\n (bnc#1012382).\n\n - USB: serial: simple: add Motorola Tetra MTP6550 id\n (bnc#1012382).\n\n - USB: usbdevfs: restore warning for nonsensical flags\n (bnc#1012382).\n\n - USB: usbdevfs: sanitize flags more (bnc#1012382).\n\n - usb: wusbcore: security: cast sizeof to int for\n comparison (bnc#1012382).\n\n - USB: yurex: Check for truncation in yurex_read()\n (bnc#1012382).\n\n - Use make --output-sync feature when available\n (bsc#1012422). The mesages in make output can interleave\n making it impossible to extract warnings reliably. Since\n version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing\n this issue. Detect the flag and use it if available.\n SLE11 has make 3.81 so it is required to include make 4\n in the kernel OBS projects to take advantege of this.\n\n - Use upstream version of pci-hyperv change 35a88a18d7\n\n - uwb: hwa-rc: fix memory leak at probe (bnc#1012382).\n\n - vmci: type promotion bug in qp_host_get_user_memory()\n (bnc#1012382).\n\n - wlcore: Add missing PM call for\n wlcore_cmd_wait_for_event_or_timeout() (bnc#1012382).\n\n - wlcore: Fix memory leak in\n wlcore_cmd_wait_for_event_or_timeout (git-fixes).\n\n - x86/cpufeature: deduplicate X86_FEATURE_L1TF_PTEINV\n (kabi).\n\n - x86/entry/64: Add two more instruction suffixes\n (bnc#1012382).\n\n - x86/entry/64: Clear registers for exceptions/interrupts,\n to reduce speculation attack surface (bsc#1105931).\n\n - x86/entry/64: sanitize extra registers on syscall entry\n (bsc#1105931).\n\n - x86/fpu: Finish excising 'eagerfpu' (bnc#1012382).\n\n - x86/fpu: Remove second definition of fpu in\n __fpu__restore_sig() (bsc#1110006).\n\n - x86/fpu: Remove struct fpu::counter (bnc#1012382).\n\n - x86/fpu: Remove use_eager_fpu() (bnc#1012382).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114648).\n\n - x86/numa_emulation: Fix emulated-to-physical node\n mapping (bnc#1012382).\n\n - x86/paravirt: Fix some warning messages (bnc#1065600).\n\n - x86/percpu: Fix this_cpu_read() (bsc#1110006).\n\n - x86,sched: Allow topologies where NUMA nodes share an\n LLC (bsc#1091158, bsc#1101555).\n\n - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913,\n bsc#1111516).\n\n - x86/speculation: Apply IBPB more strictly to avoid\n cross-process data leak (bsc#1106913).\n\n - x86/speculation: Enable cross-hyperthread spectre v2\n STIBP mitigation (bsc#1106913).\n\n - x86/speculation: Propagate information about RSB filling\n mitigation to sysfs (bsc#1106913).\n\n - x86/time: Correct the attribute on jiffies' definition\n (bsc#1110006).\n\n - x86/tsc: Add missing header to tsc_msr.c (bnc#1012382).\n\n - xen: avoid crash in disable_hotplug_cpu (bnc#1012382\n bsc#1106594 bsc#1042422).\n\n - xen: fix GCC warning and remove duplicate\n EVTCHN_ROW/EVTCHN_COL usage (bnc#1012382).\n\n - xen/manage: do not complain about an empty value in\n control/sysrq node (bnc#1012382).\n\n - xhci: Add missing CAS workaround for Intel Sunrise Point\n xHCI (bnc#1012382).\n\n - xhci: Do not print a warning when setting link state for\n disabled ports (bnc#1012382).\n\n - rpm/kernel-binary.spec.in: Add missing export\n BRP_SIGN_FILES (bsc#1115587) The export line was\n accidentally dropped at merging scripts branch, which\n resulted in the invalid module signature.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997172\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.162-78.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:48:48", "description": "It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3847-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119827", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3847-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119827);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3847-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3847-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3847-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1026-gcp\", pkgver:\"4.15.0-1026.27\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1028-kvm\", pkgver:\"4.15.0-1028.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1030-oem\", pkgver:\"4.15.0-1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1030-raspi2\", pkgver:\"4.15.0-1030.32\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1031-aws\", pkgver:\"4.15.0-1031.33\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1036-azure\", pkgver:\"4.15.0-1036.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-generic\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-generic-lpae\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-lowlatency\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-snapdragon\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1031.30\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1036.36\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1026.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.43.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.43.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1026.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1028.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.43.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1030.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.43.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:33:21", "description": "It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the Linux kernel. A local attacker with access to pseudo terminal devices could use this to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2647", "CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3849-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3849-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119832);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-2647\", \"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3849-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a NULL pointer dereference existed in the\nkeyring subsystem of the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the\nLinux kernel. A local attacker with access to pseudo terminal devices\ncould use this to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3849-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2647\", \"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3849-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-164-generic\", pkgver:\"3.13.0-164.214\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-164-generic-lpae\", pkgver:\"3.13.0-164.214\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-164-lowlatency\", pkgver:\"3.13.0-164.214\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.164.174\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.164.174\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.164.174\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:47:44", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18710: An issue was discovered in the Linux kernel An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10940", "CVE-2018-14633", "CVE-2018-16658", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-9516"], "modified": "2022-05-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:lttng-modules", "p-cpe:/a:novell:suse_linux:lttng-modules-debugsource", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3689-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3689-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118882);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2018-10940\", \"CVE-2018-14633\", \"CVE-2018-16658\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-9516\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.162 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. (bnc#1107829).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18710: An issue was discovered in the Linux kernel An\ninformation leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c\ncould be used by local attackers to read kernel memory because a cast\nfrom unsigned long to int interferes with bounds checking. This is\nsimilar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-9516: A lack of certain checks in the hid_debug_events_read()\nfunction in the drivers/hid/hid-debug.c file might have resulted in\nreceiving userspace buffer overflow and an out-of-bounds write or to\nthe infinite loop. (bnc#1108498).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9516/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183689-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2148841\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2621=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-2.7.1-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.7.1-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.7.1_k4.4.162_94.69-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.162_94.69-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.162-94.69.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T14:37:51", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.i1/4^CVE-2018-17972i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.i1/4^CVE-2018-10883i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.i1/4^CVE-2018-10878i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.i1/4^CVE-2018-10879i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.i1/4^CVE-2018-10881i1/4%0\n\n - An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.i1/4^CVE-2018-13094i1/4%0\n\n - An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i1/4zi_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.i1/4^CVE-2018-13093i1/4%0\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.i1/4^CVE-2018-18690i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1220)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-17972", "CVE-2018-18690"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1220.NASL", "href": "https://www.tenable.com/plugins/nessus/123906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123906);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-17972\",\n \"CVE-2018-18690\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1220)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in the proc_pid_stack function\n in fs/proc/base.c in the Linux kernel. An attacker with\n a local account can trick the stack unwinder code to\n leak stack contents to userspace. The fix allows only\n root to inspect the kernel stack of an arbitrary\n task.i1/4^CVE-2018-17972i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.i1/4^CVE-2018-10883i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.i1/4^CVE-2018-10878i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service\n or unspecified other impact may occur by renaming a\n file in a crafted ext4 filesystem\n image.i1/4^CVE-2018-10879i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.i1/4^CVE-2018-10881i1/4%0\n\n - An issue was discovered in the XFS filesystem in\n fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A\n NULL pointer dereference may occur for a corrupted xfs\n image after xfs_da_shrink_inode() is called with a NULL\n bp. This can lead to a system crash and a denial of\n service.i1/4^CVE-2018-13094i1/4%0\n\n - An issue was discovered in the XFS filesystem in\n fs/xfs/xfs_icache.c in the Linux kernel. There is a\n NULL pointer dereference leading to a system panic in\n lookup_slow() on a NULL inode-i1/4zi_ops pointer when\n doing pathwalks on a corrupted xfs image. This occurs\n because of a lack of proper validation that cached\n inodes are free during an\n allocation.i1/4^CVE-2018-13093i1/4%0\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.i1/4^CVE-2018-18690i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1220\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b0252f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_125\",\n \"kernel-devel-3.10.0-514.44.5.10_125\",\n \"kernel-headers-3.10.0-514.44.5.10_125\",\n \"kernel-tools-3.10.0-514.44.5.10_125\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_125\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_125\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T14:37:35", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.i1/4^CVE-2019-5489i1/4%0\n\n - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.i1/4^CVE-2018-17972i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.i1/4^CVE-2018-10883i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.i1/4^CVE-2018-10878i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.i1/4^CVE-2018-10879i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.i1/4^CVE-2018-10881i1/4%0\n\n - An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.i1/4^CVE-2018-13094i1/4%0\n\n - An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i1/4zi_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.i1/4^CVE-2018-13093i1/4%0\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.i1/4^CVE-2018-18690i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1223)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-17972", "CVE-2018-18690", "CVE-2019-5489"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1223.NASL", "href": "https://www.tenable.com/plugins/nessus/123909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123909);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-17972\",\n \"CVE-2018-18690\",\n \"CVE-2019-5489\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1223)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A new software page cache side channel attack scenario\n was discovered in operating systems that implement the\n very common 'page cache' caching mechanism. A malicious\n user/process could use 'in memory' page-cache knowledge\n to infer access timings to shared memory and gain\n knowledge which can be used to reduce effectiveness of\n cryptographic strength by monitoring algorithmic\n behavior, infer access patterns of memory to determine\n code paths taken, and exfiltrate data to a blinded\n attacker through page-granularity access times as a\n side-channel.i1/4^CVE-2019-5489i1/4%0\n\n - An issue was discovered in the proc_pid_stack function\n in fs/proc/base.c in the Linux kernel. An attacker with\n a local account can trick the stack unwinder code to\n leak stack contents to userspace. The fix allows only\n root to inspect the kernel stack of an arbitrary\n task.i1/4^CVE-2018-17972i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.i1/4^CVE-2018-10883i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.i1/4^CVE-2018-10878i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service\n or unspecified other impact may occur by renaming a\n file in a crafted ext4 filesystem\n image.i1/4^CVE-2018-10879i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.i1/4^CVE-2018-10881i1/4%0\n\n - An issue was discovered in the XFS filesystem in\n fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A\n NULL pointer dereference may occur for a corrupted xfs\n image after xfs_da_shrink_inode() is called with a NULL\n bp. This can lead to a system crash and a denial of\n service.i1/4^CVE-2018-13094i1/4%0\n\n - An issue was discovered in the XFS filesystem in\n fs/xfs/xfs_icache.c in the Linux kernel. There is a\n NULL pointer dereference leading to a system panic in\n lookup_slow() on a NULL inode-i1/4zi_ops pointer when\n doing pathwalks on a corrupted xfs image. This occurs\n because of a lack of proper validation that cached\n inodes are free during an\n allocation.i1/4^CVE-2018-13093i1/4%0\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.i1/4^CVE-2018-18690i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1223\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?946c8a37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.1_51\",\n \"kernel-devel-3.10.0-862.14.1.1_51\",\n \"kernel-headers-3.10.0-862.14.1.1_51\",\n \"kernel-tools-3.10.0-862.14.1.1_51\",\n \"kernel-tools-libs-3.10.0-862.14.1.1_51\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.1_51\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-09-02T12:33:13", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.(CVE-2018-1130)\n\n - An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i1/4zi_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.(CVE-2018-13093)\n\n - An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.(CVE-2018-13094)\n\n - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.(CVE-2018-13405)\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-14633)\n\n - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.(CVE-2018-14634)\n\n - A flaw was found in the Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows access to a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause a use-after-free bug and to induce kernel memory corruption, leading to a system crash or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-14734)\n\n - It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.(CVE-2018-15594)\n\n - An information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1130", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14634", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-18690"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1511.NASL", "href": "https://www.tenable.com/plugins/nessus/124833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124833);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1130\",\n \"CVE-2018-13093\",\n \"CVE-2018-13094\",\n \"CVE-2018-13405\",\n \"CVE-2018-14633\",\n \"CVE-2018-14634\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16658\",\n \"CVE-2018-18690\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1511)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in the Linux kernel\n allows a local user to cause a denial of service by a\n number of certain crafted system calls.(CVE-2018-1130)\n\n - An issue was discovered in the XFS filesystem in\n fs/xfs/xfs_icache.c in the Linux kernel. There is a\n NULL pointer dereference leading to a system panic in\n lookup_slow() on a NULL inode-i1/4zi_ops pointer when\n doing pathwalks on a corrupted xfs image. This occurs\n because of a lack of proper validation that cached\n inodes are free during an allocation.(CVE-2018-13093)\n\n - An issue was discovered in the XFS filesystem in\n fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A\n NULL pointer dereference may occur for a corrupted xfs\n image after xfs_da_shrink_inode() is called with a NULL\n bp. This can lead to a system crash and a denial of\n service.(CVE-2018-13094)\n\n - A vulnerability was found in the\n fs/inode.c:inode_init_owner() function logic of the\n LInux kernel that allows local users to create files\n with an unintended group ownership and with group\n execution and SGID permission bits set, in a scenario\n where a directory is SGID and belongs to a certain\n group and is writable by a user who is not a member of\n this group. This can lead to excessive permissions\n granted in case when they should not.(CVE-2018-13405)\n\n - A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target\n code in the Linux kernel in a way an authentication\n request from an ISCSI initiator is processed. An\n unauthenticated remote attacker can cause a stack\n buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on\n the victim host. Depending on how the target's code was\n built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system\n crash and thus to a denial of service or possibly to a\n non-authorized access to data exported by an iSCSI\n target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is highly unlikely.(CVE-2018-14633)\n\n - An integer overflow flaw was found in the Linux\n kernel's create_elf_tables() function. An unprivileged\n local user with access to SUID (or otherwise\n privileged) binary could use this flaw to escalate\n their privileges on the system.(CVE-2018-14634)\n\n - A flaw was found in the Linux Kernel in the\n ucma_leave_multicast() function in\n drivers/infiniband/core/ucma.c which allows access to a\n certain data structure after freeing it in\n ucma_process_join(). This allows an attacker to cause a\n use-after-free bug and to induce kernel memory\n corruption, leading to a system crash or other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-14734)\n\n - It was found that paravirt_patch_call/jump() functions\n in the arch/x86/kernel/paravirt.c in the Linux kernel\n mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtualized guests.(CVE-2018-15594)\n\n - An information leak was discovered in the Linux kernel\n in cdrom_ioctl_drive_status() function in\n drivers/cdrom/cdrom.c that could be used by local\n attackers to read kernel memory at certain\n location.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.(CVE-2018-18690)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1511\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8dfebfa0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T14:48:38", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.(CVE-2018-5803)\n\n - Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.(CVE-2018-1000026)\n\n - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.(CVE-2018-1092)\n\n - In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the aEUR~ie_lenaEURtm argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5848)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\n - It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.(CVE-2018-15594)\n\n - A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler.(CVE-2018-18386)\n\n - An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000026", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-14633", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-5803", "CVE-2018-5848"], "modified": "2022-05-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1432.NASL", "href": "https://www.tenable.com/plugins/nessus/119921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119921);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/26\");\n\n script_cve_id(\n \"CVE-2018-1092\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-10878\",\n \"CVE-2018-10881\",\n \"CVE-2018-14633\",\n \"CVE-2018-15594\",\n \"CVE-2018-16276\",\n \"CVE-2018-16658\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In the Linux Kernel before version 4.15.8, 4.14.25,\n 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP packets\n length can be exploited to cause a kernel\n crash.(CVE-2018-5803)\n\n - Linux Linux kernel version at least v4.8 onwards,\n probably well before contains a Insufficient input\n validation vulnerability in bnx2x network card driver\n that can result in DoS: Network card firmware assertion\n takes card off-line. This attack appear to be\n exploitable via An attacker on a must pass a very\n large, specially crafted packet to the bnx2x card. This\n can be done from an untrusted guest\n VM.(CVE-2018-1000026)\n\n - The Linux kernel is vulnerable to a NULL pointer\n dereference in the\n ext4/mballoc.c:ext4_process_freed_data() function. An\n attacker could trick a legitimate user or a privileged\n attacker could exploit this by mounting a crafted ext4\n image to cause a kernel panic.(CVE-2018-1092)\n\n - In the function wmi_set_ie() in the Linux kernel the\n length validation code does not handle unsigned integer\n overflow properly. As a result, a large value of the\n aEUR~ie_lenaEURtm argument can cause a buffer overflow and\n thus a memory corruption leading to a system crash or\n other or unspecified impact. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5848)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.(CVE-2018-10878)\n\n - A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target\n code in the Linux kernel in a way an authentication\n request from an ISCSI initiator is processed. An\n unauthenticated remote attacker can cause a stack\n buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on\n the victim host. Depending on how the target's code was\n built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system\n crash and thus to a denial of service or possibly to a\n non-authorized access to data exported by an iSCSI\n target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is highly unlikely.(CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before\n 4.18.6. An information leak in cdrom_ioctl_drive_status\n in drivers/cdrom/cdrom.c could be used by local\n attackers to read kernel memory because a cast from\n unsigned long to int interferes with bounds\n checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.(CVE-2018-18690)\n\n - It was found that paravirt_patch_call/jump() functions\n in the arch/x86/kernel/paravirt.c in the Linux kernel\n mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtualized guests.(CVE-2018-15594)\n\n - A security flaw was found in the Linux kernel in\n drivers/tty/n_tty.c which allows local attackers (ones\n who are able to access pseudo terminals) to lock them\n up and block further usage of any pseudo terminal\n devices due to an EXTPROC versus ICANON confusion in\n TIOCINQ handler.(CVE-2018-18386)\n\n - An out-of-bounds access issue was discovered in\n yurex_read() in drivers/usb/misc/yurex.c in the Linux\n kernel. A local attacker could use user access\n read/writes with incorrect bounds checking in the yurex\n USB driver to crash the kernel or potentially escalate\n privileges.(CVE-2018-16276)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1432\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dbf3082\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-5848\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h120\",\n \"kernel-debug-3.10.0-327.62.59.83.h120\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h120\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h120\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h120\",\n \"kernel-devel-3.10.0-327.62.59.83.h120\",\n \"kernel-headers-3.10.0-327.62.59.83.h120\",\n \"kernel-tools-3.10.0-327.62.59.83.h120\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h120\",\n \"perf-3.10.0-327.62.59.83.h120\",\n \"python-perf-3.10.0-327.62.59.83.h120\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T14:33:09", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).(CVE-2019-3701)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data() is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)\n\n - The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.(CVE-2013-3076)\n\n - weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.(CVE-2018-1108)\n\n - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.(CVE-2018-17972)\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\n - A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler.(CVE-2018-18386)\n\n - The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.(CVE-2018-14646)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3076", "CVE-2018-10878", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-1108", "CVE-2018-14633", "CVE-2018-14646", "CVE-2018-16658", "CVE-2018-17972", "CVE-2018-18386", "CVE-2018-18690", "CVE-2019-3701"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1028.NASL", "href": "https://www.tenable.com/plugins/nessus/122201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122201);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2013-3076\",\n \"CVE-2018-1108\",\n \"CVE-2018-10878\",\n \"CVE-2018-10880\",\n \"CVE-2018-10881\",\n \"CVE-2018-14633\",\n \"CVE-2018-14646\",\n \"CVE-2018-16658\",\n \"CVE-2018-17972\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\",\n \"CVE-2019-3701\"\n );\n script_bugtraq_id(59398);\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.(CVE-2018-10878)\n\n - An issue was discovered in can_can_gw_rcv in\n net/can/gw.c in the Linux kernel through 4.19.13. The\n CAN frame modification rules allow bitwise logical\n operations that can be also applied to the can_dlc\n field. Because of a missing check, the CAN drivers may\n write arbitrary content beyond the data registers in\n the CAN controller's I/O memory when processing can-gw\n manipulated outgoing frames. This is related to\n cgw_csum_xor_rel. An unprivileged user can trigger a\n system crash (general protection fault).(CVE-2019-3701)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem\n code. A stack-out-of-bounds write in\n ext4_update_inline_data() is possible when mounting and\n writing to a crafted ext4 image. An attacker could use\n this to cause a system crash and a denial of\n service.(CVE-2018-10880)\n\n - The crypto API in the Linux kernel through 3.9-rc8 does\n not initialize certain length variables, which allows\n local users to obtain sensitive information from kernel\n stack memory via a crafted recvmsg or recvfrom system\n call, related to the hash_recvmsg function in\n crypto/algif_hash.c and the skcipher_recvmsg function\n in crypto/algif_skcipher.c.(CVE-2013-3076)\n\n - weakness was found in the Linux kernel's implementation\n of random seed data. Programs, early in the boot\n sequence, could use the data allocated for the seed\n before it was sufficiently generated.(CVE-2018-1108)\n\n - An issue was discovered in the proc_pid_stack function\n in fs/proc/base.c in the Linux kernel. An attacker with\n a local account can trick the stack unwinder code to\n leak stack contents to userspace. The fix allows only\n root to inspect the kernel stack of an arbitrary\n task.(CVE-2018-17972)\n\n - A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target\n code in the Linux kernel in a way an authentication\n request from an ISCSI initiator is processed. An\n unauthenticated remote attacker can cause a stack\n buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on\n the victim host. Depending on how the target's code was\n built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system\n crash and thus to a denial of service or possibly to a\n non-authorized access to data exported by an iSCSI\n target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is highly unlikely.(CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before\n 4.18.6. An information leak in cdrom_ioctl_drive_status\n in drivers/cdrom/cdrom.c could be used by local\n attackers to read kernel memory because a cast from\n unsigned long to int interferes with bounds\n checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.(CVE-2018-18690)\n\n - A security flaw was found in the Linux kernel in\n drivers/tty/n_tty.c which allows local attackers (ones\n who are able to access pseudo terminals) to lock them\n up and block further usage of any pseudo terminal\n devices due to an EXTPROC versus ICANON confusion in\n TIOCINQ handler.(CVE-2018-18386)\n\n - The Linux kernel was found to be vulnerable to a NULL\n pointer dereference bug in the __netlink_ns_capable()\n function in the net/netlink/af_netlink.c file. A local\n attacker could exploit this when a net namespace with a\n netnsid is assigned to cause a kernel panic and a\n denial of service.(CVE-2018-14646)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1028\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?07205ed4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"kernel-debuginfo-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"kernel-debuginfo-common-x86_64-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"perf-3.10.0-862.14.0.1.h80.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.0.1.h80.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-27T14:17:43", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10940", "CVE-2018-16658", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9516", "CVE-2018-9568", "CVE-2019-3459", "CVE-2019-3460"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0439-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0439-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122343);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2018-9516\",\n \"CVE-2018-9568\",\n \"CVE-2018-10940\",\n \"CVE-2018-16658\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\",\n \"CVE-2018-18710\",\n \"CVE-2018-19824\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation. (bnc#1118319).\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache\nsubsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages\nfrom cleancache and the old file data instead of the new one\n(bnc#1117186).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution\nprivileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two\nremote information leak vulnerabilities in the code that handles\nincoming L2cap configuration packets (bsc#1120758).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18386/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18690/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18710/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19824/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190439-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91b39243\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-439=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-439=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-439=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-439=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2019-439=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-439=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-439=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_101-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.101.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T14:27:16", "description": "The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512).\n\nCVE-2018-14613: There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870).\n\nCVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095 bnc#1115593).\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1087209).\n\nCVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10940", "CVE-2018-14613", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-16276", "CVE-2018-16597", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-7480", "CVE-2018-7757", "CVE-2018-9516"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121208", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0095-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121208);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2018-7480\",\n \"CVE-2018-7757\",\n \"CVE-2018-9516\",\n \"CVE-2018-10940\",\n \"CVE-2018-14613\",\n \"CVE-2018-14617\",\n \"CVE-2018-14633\",\n \"CVE-2018-16276\",\n \"CVE-2018-16597\",\n \"CVE-2018-16658\",\n \"CVE-2018-17182\",\n \"CVE-2018-18281\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\",\n \"CVE-2018-18710\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162\nto receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution\nprivileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. (bnc#1107829).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could be\nused by local attackers to modify or truncate files in the underlying\nfilesystem (bnc#1106512).\n\nCVE-2018-14613: There is an invalid pointer dereference in\nio_ctl_map_page() when mounting and operating a crafted btrfs image,\nbecause of a lack of block group item validation in check_leaf_item in\nfs/btrfs/tree-checker.c (bnc#1102896).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in\nhfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\npurportedly a hard link) in an hfs+ filesystem that has malformed\ncatalog data, and is mounted read-only without a metadata directory\n(bnc#1102870).\n\nCVE-2018-16276: Local attackers could use user access read/writes with\nincorrect bounds checking in the yurex USB driver to crash the kernel\nor potentially escalate privileges (bnc#1106095 bnc#1115593).\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/libsas/sas_expander.c allowed local users to cause a\ndenial of service (memory consumption) via many read accesses to files\nin the /sys/class/sas_phy directory, as demonstrated by the\n/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1087209).\n\nCVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c\nallowed local users to cause a denial of service (double free) or\npossibly have unspecified other impact by triggering a creation\nfailure (bnc#1082863).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109919\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=981083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=997172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14613/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14617/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14633/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16276/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16597/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-17182/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18386/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18690/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18710/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7480/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7757/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9516/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190095-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa701622\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-95=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9516\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.4.162-4.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-02-19T13:49:51", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In the Linux kernel, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data. This allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impacts.(CVE-2017-18222i1/4%0\n\n - A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366i1/4%0\n\n - A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within\n __sys_recvmmsg() function.(CVE-2016-7117i1/4%0\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.(CVE-2016-4440i1/4%0\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878i1/4%0\n\n - Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.(CVE-2015-2150i1/4%0\n\n - The assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures.(CVE-2016-7914i1/4%0\n\n - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307i1/4%0\n\n - An issue was discovered in fs/f2fs/super.c in the Linux kernel, which does not properly validate secs_per_zone in a corrupted f2fs image. This may lead to a divide-by-zero error and a system crash.(CVE-2018-13100i1/4%0\n\n - The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7266i1/4%0\n\n - A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system.(CVE-2014-2678i1/4%0\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.(CVE-2017-6214i1/4%0\n\n - The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087i1/4%0\n\n - Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.(CVE-2015-0569i1/4%0\n\n - A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file.(CVE-2014-8086i1/4%0\n\n - The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the -i1/4zexe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free condition and to induce a kernel memory corruption on the system, leading to a crash or possibly have unspecified other impact by running a specially crafted program. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.(CVE-2017-17052i1/4%0\n\n - A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association.(CVE-2015-3331i1/4%0\n\n - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space.(CVE-2017-1000410i1/4%0\n\n - It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter.(CVE-2014-2672i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1484)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7266", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-8086", "CVE-2015-0569", "CVE-2015-2150", "CVE-2015-3331", "CVE-2015-5307", "CVE-2015-5366", "CVE-2016-4440", "CVE-2016-7117", "CVE-2016-7914", "CVE-2017-1000410", "CVE-2017-17052", "CVE-2017-18222", "CVE-2017-6214", "CVE-2018-10087", "CVE-2018-10878", "CVE-2018-13100", "CVE-2018-18690"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/124808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124808);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-7266\",\n \"CVE-2014-2672\",\n \"CVE-2014-2678\",\n \"CVE-2014-8086\",\n \"CVE-2015-0569\",\n \"CVE-2015-2150\",\n \"CVE-2015-3331\",\n \"CVE-2015-5307\",\n \"CVE-2015-5366\",\n \"CVE-2016-4440\",\n \"CVE-2016-7117\",\n \"CVE-2016-7914\",\n \"CVE-2017-1000410\",\n \"CVE-2017-17052\",\n \"CVE-2017-18222\",\n \"CVE-2017-6214\",\n \"CVE-2018-10087\",\n \"CVE-2018-10878\",\n \"CVE-2018-13100\",\n \"CVE-2018-18690\"\n );\n script_bugtraq_id(\n 64743,\n 66492,\n 66543,\n 70376,\n 73014,\n 74235,\n 75510\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1484)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the Linux kernel, Hisilicon Network Subsystem (HNS)\n does not consider the ETH_SS_PRIV_FLAGS case when\n retrieving sset_count data. This allows local users to\n cause a denial of service (buffer overflow and memory\n corruption) or possibly have unspecified other\n impacts.(CVE-2017-18222i1/4%0\n\n - A flaw was found in the way the Linux kernel's\n networking implementation handled UDP packets with\n incorrect checksum values. A remote attacker could\n potentially use this flaw to trigger an infinite loop\n in the kernel, resulting in a denial of service on the\n system, or cause a denial of service in applications\n using the edge triggered epoll\n functionality.(CVE-2015-5366i1/4%0\n\n - A use-after-free vulnerability was found in the\n kernel's socket recvmmsg subsystem. This may allow\n remote attackers to corrupt memory and may allow\n execution of arbitrary code. This corruption takes\n place during the error handling routines within\n __sys_recvmmsg() function.(CVE-2016-7117i1/4%0\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3\n mishandles the APICv on/off state, which allows guest\n OS users to obtain direct APIC MSR access on the host\n OS, and consequently cause a denial of service (host OS\n crash) or possibly execute arbitrary code on the host\n OS, via x2APIC mode.(CVE-2016-4440i1/4%0\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.(CVE-2018-18690i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.(CVE-2018-10878i1/4%0\n\n - Xen 3.3.x through 4.5.x and the Linux kernel through\n 3.19.1 do not properly restrict access to PCI command\n registers, which might allow local guest OS users to\n cause a denial of service (non-maskable interrupt and\n host crash) by disabling the (1) memory or (2) I/O\n decoding for a PCI Express device and then accessing\n the device, which triggers an Unsupported Request (UR)\n response.(CVE-2015-2150i1/4%0\n\n - The assoc_array_insert_into_terminal_node() function in\n 'lib/assoc_array.c' in the Linux kernel before 4.5.3\n does not check whether a slot is a leaf, which allows\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data\n structures.(CVE-2016-7914i1/4%0\n\n - It was found that the x86 ISA (Instruction Set\n Architecture) is prone to a denial of service attack\n inside a virtualized environment in the form of an\n infinite loop in the microcode due to the way\n (sequential) delivering of benign exceptions such as\n #AC (alignment check exception) is handled. A\n privileged user inside a guest could use this flaw to\n create denial of service conditions on the host\n kernel.(CVE-2015-5307i1/4%0\n\n - An issue was discovered in fs/f2fs/super.c in the Linux\n kernel, which does not properly validate secs_per_zone\n in a corrupted f2fs image. This may lead to a\n divide-by-zero error and a system\n crash.(CVE-2018-13100i1/4%0\n\n - The mISDN_sock_recvmsg function in\n drivers/isdn/mISDN/socket.c in the Linux kernel before\n 3.12.4 does not ensure that a certain length value is\n consistent with the size of an associated data\n structure, which allows local users to obtain sensitive\n information from kernel memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call.(CVE-2013-7266i1/4%0\n\n - A NULL pointer dereference flaw was found in the\n rds_iw_laddr_check() function in the Linux kernel's\n implementation of Reliable Datagram Sockets (RDS). A\n local, unprivileged user could use this flaw to crash\n the system.(CVE-2014-2678i1/4%0\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could\n allow a remote attacker to force the kernel to enter a\n condition in which it could loop\n indefinitely.(CVE-2017-6214i1/4%0\n\n - The kernel_wait4 function in kernel/exit.c in the Linux\n kernel before 4.13, when an unspecified architecture\n and compiler is used, might allow local users to cause\n a denial of service by triggering an attempted use of\n the -INT_MIN value.(CVE-2018-10087i1/4%0\n\n - Heap-based buffer overflow in the private wireless\n extensions IOCTL implementation in wlan_hdd_wext.c in\n the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x\n and 4.x, as used in Qualcomm Innovation Center (QuIC)\n Android contributions for MSM devices and other\n products, allows attackers to gain privileges via a\n crafted application that establishes a packet\n filter.(CVE-2015-0569i1/4%0\n\n - A race condition flaw was found in the Linux kernel's\n ext4 file system implementation that allowed a local,\n unprivileged user to crash the system by simultaneously\n writing to a file and toggling the O_DIRECT flag using\n fcntl(F_SETFL) on that file.(CVE-2014-8086i1/4%0\n\n - The mm_init function in kernel/fork.c in the Linux\n kernel before 4.12.10 does not clear the -i1/4zexe_file\n member of a new process's mm_struct, allowing a local\n attacker to achieve a use-after-free condition and to\n induce a kernel memory corruption on the system,\n leading to a crash or possibly have unspecified other\n impact by running a specially crafted program. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out, although we feel it is\n unlikely.(CVE-2017-17052i1/4%0\n\n - A buffer overflow flaw was found in the way the Linux\n kernel's Intel AES-NI instructions optimized version of\n the RFC4106 GCM mode decryption functionality handled\n fragmented packets. A remote attacker could use this\n flaw to crash, or potentially escalate their privileges\n on, a system over a connection with an active AES-GCM\n mode IPSec security association.(CVE-2015-3331i1/4%0\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410i1/4%0\n\n - It was found that a remote attacker could use a race\n condition flaw in the ath_tx_aggr_sleep() function to\n crash the system by creating large network traffic on\n the system's Atheros 9k wireless network\n adapter.(CVE-2014-2672i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1484\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afeb6657\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:47", "description": "The linux update issued as DLA-1731-1 caused a regression in the vmxnet3 (VMware virtual network adapter) driver. This update corrects that regression, and an earlier regression in the CIFS network filesystem implementation introduced in DLA-1422-1. For reference the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2016-10741\n\nA race condition was discovered in XFS that would result in a crash (BUG). A local user permitted to write to an XFS volume could use this for denial of service.\n\nCVE-2017-5753\n\nFurther instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated.\n\nCVE-2017-13305\n\nA memory over-read was discovered in the keys subsystem's encrypted key type. A local user could use this for denial of service or possibly to read sensitive information.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4.\n\nThis update fixes bugs in the mitigations for SSB for AMD processors.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan and connection requests, leading to a possible buffer overflow. On systems using this driver, a local user with the CAP_NET_ADMIN capability could use this for denial of service (memory corruption or crash) or potentially for privilege escalation.\n\nCVE-2018-5953\n\nThe swiotlb subsystem printed kernel memory addresses to the system log, which could help a local attacker to exploit other vulnerabilities.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX timer implementation. These might have some security impact.\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team discovered that the cleancache memory management feature did not invalidate cached data for deleted files. On Xen guests using the tmem driver, local users could potentially read data from other users' deleted files if they were able to create new files on the same volume.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nThis can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked sensitive data from the kernel. These files are now only readable by users with the CAP_SYS_ADMIN capability (usually only root)\n\nCVE-2018-18281\n\nJann Horn reported a race condition in the virtual memory manager that can result in a process briefly having access to memory after it is freed and reallocated. A local user permitted to create containers could possibly exploit this for denial of service (memory corruption) or for privilege escalation.\n\nCVE-2018-18690\n\nKanda Motohiro reported that XFS did not correctly handle some xattr (extended attribute) writes that require changing the disk format of the xattr. A user with access to an XFS volume could use this for denial of service.\n\nCVE-2018-18710\n\nIt was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_SELECT_DISC ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2018-20511\n\nInfoSect reported an information leak in the AppleTalk IP/DDP implemntation. A local user with CAP_NET_ADMIN capability could use this to read sensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service.\n\nThis interface is only accessible to root by default, which fully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's nested VMX implementation. On systems with Intel CPUs, a local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the issue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local user with access to /dev/kvm could use this to read sensitive information from the kernel.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments, including those in other processes, to grow downward to address 0. On systems lacking SMAP (x86) or PAN (ARM), this exacerbated other vulnerabilities: a NULL pointer dereference could be exploited for privilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.64-1.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-28T00:00:00", "type": "nessus", "title": "Debian DLA-1731-2 : linux regression update (Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10741", "CVE-2017-13305", "CVE-2017-5753", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-3639", "CVE-2018-5848", "CVE-2018-5953", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-9213"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86", "p-cpe:/a:debian:debian_linux:linux-doc-3.16", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-3.16", "p-cpe:/a:debian:debian_linux:linux-source-3.16", "p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9", "p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1731.NASL", "href": "https://www.tenable.com/plugins/nessus/123420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1731-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123420);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10741\", \"CVE-2017-13305\", \"CVE-2017-5753\", \"CVE-2018-12896\", \"CVE-2018-13053\", \"CVE-2018-16862\", \"CVE-2018-16884\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20511\", \"CVE-2018-3639\", \"CVE-2018-5848\", \"CVE-2018-5953\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2019-9213\");\n\n script_name(english:\"Debian DLA-1731-2 : linux regression update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The linux update issued as DLA-1731-1 caused a regression in the\nvmxnet3 (VMware virtual network adapter) driver. This update corrects\nthat regression, and an earlier regression in the CIFS network\nfilesystem implementation introduced in DLA-1422-1. For reference the\noriginal advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2016-10741\n\nA race condition was discovered in XFS that would result in a crash\n(BUG). A local user permitted to write to an XFS volume could use this\nfor denial of service.\n\nCVE-2017-5753\n\nFurther instances of code that was vulnerable to Spectre variant 1\n(bounds-check bypass) have been mitigated.\n\nCVE-2017-13305\n\nA memory over-read was discovered in the keys subsystem's encrypted\nkey type. A local user could use this for denial of service or\npossibly to read sensitive information.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass\n(SSB), a feature implemented in many processors, could be used to read\nsensitive information from another context. In particular, code in a\nsoftware sandbox may be able to read sensitive information from\noutside the sandbox. This issue is also known as Spectre variant 4.\n\nThis update fixes bugs in the mitigations for SSB for AMD\nprocessors.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan and\nconnection requests, leading to a possible buffer overflow. On systems\nusing this driver, a local user with the CAP_NET_ADMIN capability\ncould use this for denial of service (memory corruption or crash) or\npotentially for privilege escalation.\n\nCVE-2018-5953\n\nThe swiotlb subsystem printed kernel memory addresses to the system\nlog, which could help a local attacker to exploit other\nvulnerabilities.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX timer\nimplementation. These might have some security impact.\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team\ndiscovered that the cleancache memory management feature did not\ninvalidate cached data for deleted files. On Xen guests using the tmem\ndriver, local users could potentially read data from other users'\ndeleted files if they were able to create new files on the same\nvolume.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS\nshares in multiple network namespaces at the same time could lead to a\nuser-after-free. Local users might be able to use this for denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nThis can be mitigated by disabling unprivileged users from\ncreating user namespaces, which is the default in Debian.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked\nsensitive data from the kernel. These files are now only readable by\nusers with the CAP_SYS_ADMIN capability (usually only root)\n\nCVE-2018-18281\n\nJann Horn reported a race condition in the virtual memory manager that\ncan result in a process briefly having access to memory after it is\nfreed and reallocated. A local user permitted to create containers\ncould possibly exploit this for denial of service (memory corruption)\nor for privilege escalation.\n\nCVE-2018-18690\n\nKanda Motohiro reported that XFS did not correctly handle some xattr\n(extended attribute) writes that require changing the disk format of\nthe xattr. A user with access to an XFS volume could use this for\ndenial of service.\n\nCVE-2018-18710\n\nIt was discovered that the cdrom driver does not correctly validate\nthe parameter to the CDROM_SELECT_DISC ioctl. A user with access to a\ncdrom device could use this to read sensitive information from the\nkernel or to cause a denial of service (crash).\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB\naudio driver. A physically present attacker able to attach a specially\ndesigned USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the\nhso USB serial driver. A physically present user able to attach a\nspecially designed USB device could use this to read sensitive\ninformation from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB\ncore. A physically present attacker able to attach a specially\ndesigned USB device could use this to cause a denial of service\n(crash) or possibly for privilege escalation.\n\nCVE-2018-20511\n\nInfoSect reported an information leak in the AppleTalk IP/DDP\nimplemntation. A local user with CAP_NET_ADMIN capability could use\nthis to read sensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway\nimplementation allowed the frame length to be modified, typically\nresulting in out-of-bounds memory-mapped I/O writes. On a system with\nCAN devices present, a local user with CAP_NET_ADMIN capability in the\ninitial net namespace could use this to cause a crash (oops) or other\nhardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface\nexposed under /sys/kernel/debug/hid. A user with access to these files\ncould use this for denial of service.\n\nThis interface is only accessible to root by default, which\nfully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with\naccess to /dev/kvm could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's\nnested VMX implementation. On systems with Intel CPUs, a local user\nwith access to /dev/kvm could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the\nissue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local\nuser with access to /dev/kvm could use this to read sensitive\ninformation from the kernel.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments,\nincluding those in other processes, to grow downward to address 0. On\nsystems lacking SMAP (x86) or PAN (ARM), this exacerbated other\nvulnerabilities: a NULL pointer dereference could be exploited for\nprivilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.64-1.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.64-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-25T14:22:21", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2017-18249\n\nA race condition was discovered in the disk space allocator of F2FS. A user with access to an F2FS volume could use this to cause a denial of service or other security impact.\n\nCVE-2018-1128, CVE-2018-1129\n\nThe cephx authentication protocol used by Ceph was susceptible to replay attacks, and calculated signatures incorrectly. These vulnerabilities in the server required changes to authentication that are incompatible with existing clients. The kernel's client code has now been updated to be compatible with the fixed server.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4.\n\nThis update adds a further mitigation for this issue in the eBPF (Extended Berkeley Packet Filter) implementation.\n\nCVE-2018-5391 (FragmentSmack)\n\nJuha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service.\n\nThis was previously mitigated by reducing the default limits on memory usage for incomplete fragmented packets. This update replaces that mitigation with a more complete fix.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan and connection requests, leading to a possible buffer overflow. On systems using this driver, a local user with the CAP_NET_ADMIN capability could use this for denial of service (memory corruption or crash) or potentially for privilege escalation.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX timer implementation. These might have some security impact.\n\nCVE-2018-13096, CVE-2018-13097, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616\n\nWen Xu from SSLab at Gatech reported that crafted F2FS volumes could trigger a crash (BUG, Oops, or division by zero) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation.\n\nCVE-2018-13406\n\nDr Silvio Cesare of InfoSect reported a potential integer overflow in the uvesafb driver. A user with permission to access such a device might be able to use this for denial of service or privilege escalation.\n\nCVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613\n\nWen Xu from SSLab at Gatech reported that crafted Btrfs volumes could trigger a crash (Oops) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation.\n\nCVE-2018-15471 ((XSA-270)\n\nFelix Wilhelm of Google Project Zero discovered a flaw in the hash handling of the xen-netback Linux kernel module. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in privilege escalation, denial of service, or information leaks.\n\nhttps://xenbits.xen.org/xsa/advisory-270.html\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team discovered that the cleancache memory management feature did not invalidate cached data for deleted files. On Xen guests using the tmem driver, local users could potentially read data from other users' deleted files if they were able to create new files on the same volume.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked sensitive data from the kernel. These files are now only readable by users with the CAP_SYS_ADMIN capability (usually only root)\n\nCVE-2018-18281\n\nJann Horn reported a race condition in the virtual memory manager that can result in a process briefly having access to memory after it is freed and reallocated. A local user could possibly exploit this for denial of service (memory corruption) or for privilege escalation.\n\nCVE-2018-18690\n\nKanda Motohiro reported that XFS did not correctly handle some xattr (extended attribute) writes that require changing the disk format of the xattr. A user with access to an XFS volume could use this for denial of service.\n\nCVE-2018-18710\n\nIt was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_SELECT_DISC ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-19407\n\nWei Wu reported a potential crash (Oops) in the KVM implementation for x86 processors. A user with access to /dev/kvm could use this for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.144-3.1~deb8u1. This version also includes fixes for Debian bugs #890034, #896911, #907581, #915229, and #915231; and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Debian DLA-1715-1 : linux-4.9 security update (Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18249", "CVE-2018-1128", "CVE-2018-1129", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13100", "CVE-2018-13406", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14616", "CVE-2018-15471", "CVE-2018-16862", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-3639", "CVE-2018-5391", "CVE-2018-5848", "CVE-2018-6554"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1715.NASL", "href": "https://www.tenable.com/plugins/nessus/122879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1715-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122879);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-18249\", \"CVE-2018-1128\", \"CVE-2018-1129\", \"CVE-2018-12896\", \"CVE-2018-13053\", \"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13100\", \"CVE-2018-13406\", \"CVE-2018-14610\", \"CVE-2018-14611\", \"CVE-2018-14612\", \"CVE-2018-14613\", \"CVE-2018-14614\", \"CVE-2018-14616\", \"CVE-2018-15471\", \"CVE-2018-16862\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-19407\", \"CVE-2018-3639\", \"CVE-2018-5391\", \"CVE-2018-5848\", \"CVE-2018-6554\");\n\n script_name(english:\"Debian DLA-1715-1 : linux-4.9 security update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-18249\n\nA race condition was discovered in the disk space allocator of F2FS. A\nuser with access to an F2FS volume could use this to cause a denial of\nservice or other security impact.\n\nCVE-2018-1128, CVE-2018-1129\n\nThe cephx authentication protocol used by Ceph was susceptible to\nreplay attacks, and calculated signatures incorrectly. These\nvulnerabilities in the server required changes to authentication that\nare incompatible with existing clients. The kernel's client code has\nnow been updated to be compatible with the fixed server.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass\n(SSB), a feature implemented in many processors, could be used to read\nsensitive information from another context. In particular, code in a\nsoftware sandbox may be able to read sensitive information from\noutside the sandbox. This issue is also known as Spectre variant 4.\n\nThis update adds a further mitigation for this issue in the\neBPF (Extended Berkeley Packet Filter) implementation.\n\nCVE-2018-5391 (FragmentSmack)\n\nJuha-Matti Tilli discovered a flaw in the way the Linux kernel handled\nreassembly of fragmented IPv4 and IPv6 packets. A remote attacker can\ntake advantage of this flaw to trigger time and calculation expensive\nfragment reassembly algorithms by sending specially crafted packets,\nleading to remote denial of service.\n\nThis was previously mitigated by reducing the default limits\non memory usage for incomplete fragmented packets. This\nupdate replaces that mitigation with a more complete fix.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan and\nconnection requests, leading to a possible buffer overflow. On systems\nusing this driver, a local user with the CAP_NET_ADMIN capability\ncould use this for denial of service (memory corruption or crash) or\npotentially for privilege escalation.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX timer\nimplementation. These might have some security impact.\n\nCVE-2018-13096, CVE-2018-13097, CVE-2018-13100, CVE-2018-14614,\nCVE-2018-14616\n\nWen Xu from SSLab at Gatech reported that crafted F2FS volumes could\ntrigger a crash (BUG, Oops, or division by zero) and/or out-of-bounds\nmemory access. An attacker able to mount such a volume could use this\nto cause a denial of service or possibly for privilege escalation.\n\nCVE-2018-13406\n\nDr Silvio Cesare of InfoSect reported a potential integer overflow in\nthe uvesafb driver. A user with permission to access such a device\nmight be able to use this for denial of service or privilege\nescalation.\n\nCVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613\n\nWen Xu from SSLab at Gatech reported that crafted Btrfs volumes could\ntrigger a crash (Oops) and/or out-of-bounds memory access. An attacker\nable to mount such a volume could use this to cause a denial of\nservice or possibly for privilege escalation.\n\nCVE-2018-15471 ((XSA-270)\n\nFelix Wilhelm of Google Project Zero discovered a flaw in the hash\nhandling of the xen-netback Linux kernel module. A malicious or buggy\nfrontend may cause the (usually privileged) backend to make out of\nbounds memory accesses, potentially resulting in privilege escalation,\ndenial of service, or information leaks.\n\nhttps://xenbits.xen.org/xsa/advisory-270.html\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team\ndiscovered that the cleancache memory management feature did not\ninvalidate cached data for deleted files. On Xen guests using the tmem\ndriver, local users could potentially read data from other users'\ndeleted files if they were able to create new files on the same\nvolume.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked\nsensitive data from the kernel. These files are now only readable by\nusers with the CAP_SYS_ADMIN capability (usually only root)\n\nCVE-2018-18281\n\nJann Horn reported a race condition in the virtual memory manager that\ncan result in a process briefly having access to memory after it is\nfreed and reallocated. A local user could possibly exploit this for\ndenial of service (memory corruption) or for privilege escalation.\n\nCVE-2018-18690\n\nKanda Motohiro reported that XFS did not correctly handle some xattr\n(extended attribute) writes that require changing the disk format of\nthe xattr. A user with access to an XFS volume could use this for\ndenial of service.\n\nCVE-2018-18710\n\nIt was discovered that the cdrom driver does not correctly validate\nthe parameter to the CDROM_SELECT_DISC ioctl. A user with access to a\ncdrom device could use this to read sensitive information from the\nkernel or to cause a denial of service (crash).\n\nCVE-2018-19407\n\nWei Wu reported a potential crash (Oops) in the KVM implementation for\nx86 processors. A user with access to /dev/kvm could use this for\ndenial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.144-3.1~deb8u1. This version also includes fixes for Debian bugs\n#890034, #896911, #907581, #915229, and #915231; and other fixes\nincluded in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://xenbits.xen.org/xsa/advisory-270.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13406\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.144-3.1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:21:45", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-31T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18241", "CVE-2017-18249", "CVE-2018-10880", "CVE-2018-1120", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14616", "CVE-2018-14633", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-17972", "CVE-2018-18021", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-5848", "CVE-2018-7755", "CVE-2019-3701"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-firmware", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-030-01.NASL", "href": "https://www.tenable.com/plugins/nessus/121505", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-030-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121505);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2017-18241\", \"CVE-2017-18249\", \"CVE-2018-10880\", \"CVE-2018-1120\", \"CVE-2018-12896\", \"CVE-2018-13053\", \"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14610\", \"CVE-2018-14611\", \"CVE-2018-14612\", \"CVE-2018-14613\", \"CVE-2018-14614\", \"CVE-2018-14616\", \"CVE-2018-14633\", \"CVE-2018-16862\", \"CVE-2018-16884\", \"CVE-2018-17972\", \"CVE-2018-18021\", \"CVE-2018-18281\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20511\", \"CVE-2018-5848\", \"CVE-2018-7755\", \"CVE-2019-3701\");\n script_xref(name:\"SSA\", value:\"2019-030-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.842527\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0db5ea06\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-firmware\", pkgver:\"20190118_a8b75ca\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.172\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.172_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.172_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.172\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.172_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.172\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.172_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.172_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-firmware\", pkgver:\"20190118_a8b75ca\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.172\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.172\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.172\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.172\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.172\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-03-10T14:46:40", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-16T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2018:3083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-3083.NASL", "href": "https://www.tenable.com/plugins/nessus/118990", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3083 and \n# CentOS Errata and Security Advisory 2018:3083 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118990);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3083\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2018:3083)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel\nhandled reassembly of fragmented IPv4 and IPv6 packets. A remote\nattacker could use this flaw to trigger time and calculation expensive\nfragment reassembly algorithm by sending specially crafted packets\nwhich could lead to a CPU saturation and hence a denial of service on\nthe system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to\nexecute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit\non non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem\npotentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial of service\n(CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function\nallows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments\ncauses denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a\nsystem crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization\nallowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk()\nfunction allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/\nwmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a\ncrafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow\nfor denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL\n(CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of\nService (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when\nmounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes\ncrash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in\nvhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in\nmm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()\nwhen mounting crafted xfs image allowing denial of service\n(CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a\ncrafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting\nand operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata\nfunction (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c\n(CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University -\nDepartment of Communications and Networking and Nokia Bell Labs) for\nreporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting\nCVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and\nWen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005315.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bad9901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-24T14:46:39", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2018:3083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-3083.NASL", "href": "https://www.tenable.com/plugins/nessus/118525", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3083. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118525);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3083\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:3083)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel\nhandled reassembly of fragmented IPv4 and IPv6 packets. A remote\nattacker could use this flaw to trigger time and calculation expensive\nfragment reassembly algorithm by sending specially crafted packets\nwhich could lead to a CPU saturation and hence a denial of service on\nthe system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to\nexecute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit\non non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem\npotentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial of service\n(CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function\nallows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments\ncauses denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a\nsystem crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization\nallowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk()\nfunction allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/\nwmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a\ncrafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow\nfor denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL\n(CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of\nService (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when\nmounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes\ncrash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in\nvhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in\nmm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()\nwhen mounting crafted xfs image allowing denial of service\n(CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a\ncrafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting\nand operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata\nfunction (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c\n(CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University -\nDepartment of Communications and Networking and Nokia Bell Labs) for\nreporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting\nCVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and\nWen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/3553061\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-8830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-4913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8830\", \"CVE-2016-4913\", \"CVE-2017-0861\", \"CVE-2017-10661\", \"CVE-2017-17805\", \"CVE-2017-18208\", \"CVE-2017-18232\", \"CVE-2017-18344\", \"CVE-2017-18360\", \"CVE-2018-1000026\", \"CVE-2018-10322\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-1092\", \"CVE-2018-1094\", \"CVE-2018-10940\", \"CVE-2018-1118\", \"CVE-2018-1120\", \"CVE-2018-1130\", \"CVE-2018-13405\", \"CVE-2018-18690\", \"CVE-2018-5344\", \"CVE-2018-5391\", \"CVE-2018-5803\", \"CVE-2018-5848\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-8781\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:3083\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3083\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-24T14:46:17", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2018:3096)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-3096.NASL", "href": "https://www.tenable.com/plugins/nessus/118528", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3096. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118528);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3096\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2018:3096)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel\nhandled reassembly of fragmented IPv4 and IPv6 packets. A remote\nattacker could use this flaw to trigger time and calculation expensive\nfragment reassembly algorithm by sending specially crafted packets\nwhich could lead to a CPU saturation and hence a denial of service on\nthe system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to\nexecute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit\non non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem\npotentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial of service\n(CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function\nallows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments\ncauses denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a\nsystem crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization\nallowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk()\nfunction allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/\nwmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a\ncrafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow\nfor denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL\n(CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of\nService (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when\nmounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes\ncrash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg()\n(CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in\nmm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()\nwhen mounting crafted xfs image allowing denial of service\n(CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a\ncrafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting\nand operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata\nfunction (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c\n(CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University -\nDepartment of Communications and Networking and Nokia Bell Labs) for\nreporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting\nCVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and\nWen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/3553061\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-8830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-4913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8830\", \"CVE-2016-4913\", \"CVE-2017-0861\", \"CVE-2017-10661\", \"CVE-2017-17805\", \"CVE-2017-18208\", \"CVE-2017-18232\", \"CVE-2017-18344\", \"CVE-2017-18360\", \"CVE-2018-1000026\", \"CVE-2018-10322\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-1092\", \"CVE-2018-1094\", \"CVE-2018-10940\", \"CVE-2018-1118\", \"CVE-2018-1120\", \"CVE-2018-1130\", \"CVE-2018-13405\", \"CVE-2018-18690\", \"CVE-2018-5344\", \"CVE-2018-5391\", \"CVE-2018-5803\", \"CVE-2018-5848\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-8781\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:3096\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3096\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-10T14:47:17", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3083 advisory.\n\n - The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.\n (CVE-2016-4913)\n\n - Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. (CVE-2017-10661)\n\n - Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. (CVE-2017-0861)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. (CVE-2018-8781)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).\n (CVE-2017-18344)\n\n - The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. (CVE-2018-5391)\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)\n\n - The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error- handling code. (CVE-2017-18232)\n\n - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092)\n\n - In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.\n (CVE-2018-5848)\n\n - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. (CVE-2018-7757)\n\n - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (CVE-2018-10322)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (CVE-2018-10878)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.\n (CVE-2018-1094)\n\n - Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. (CVE-2018-1118)\n\n - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). (CVE-2018-1120)\n\n - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. (CVE-2018-5344)\n\n - The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. (CVE-2018-7740)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (CVE-2018-10879)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (CVE-2018-10883)\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. (CVE-2018-10902)\n\n - The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. (CVE-2018-10940)\n\n - Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..\n (CVE-2018-1000026)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2018-3083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2022-05-31T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-3083.NASL", "href": "https://www.tenable.com/plugins/nessus/118770", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-3083.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118770);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3083\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2018-3083)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-3083 advisory.\n\n - The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM\n (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.\n (CVE-2016-4913)\n\n - Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or\n cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations\n that leverage improper might_cancel queueing. (CVE-2017-10661)\n\n - Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows\n attackers to gain privileges via unspecified vectors. (CVE-2017-0861)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local\n users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be\n exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of\n certain crafted system calls. (CVE-2018-1130)\n\n - The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and\n including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb\n driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution\n in kernel space. (CVE-2018-8781)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8\n doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the\n show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read\n arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).\n (CVE-2017-18344)\n\n - The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially\n modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by\n sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered\n and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel\n with the increase of the IP fragment reassembly queue size. (CVE-2018-5391)\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create\n files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and\n is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a\n plain file whose group ownership is that group. The intended behavior was that the non-member can trigger\n creation of a directory (but not a plain file) whose group ownership is that group. The non-member can\n escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length\n inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel\n crash) or have unspecified other impact by executing a crafted sequence of system calls that use the\n blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)\n\n - The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to\n cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within\n libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-\n handling code. (CVE-2017-18232)\n\n - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a\n root directory with a zero i_links_count, which allows attackers to cause a denial of service\n (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092)\n\n - In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow\n properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android\n releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.\n (CVE-2018-5848)\n\n - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux\n kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read\n accesses to files in the /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. (CVE-2018-7757)\n\n - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows\n local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a\n crafted xfs image. (CVE-2018-10322)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and\n a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4\n filesystem image. (CVE-2018-10878)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always\n initialize the crc32c checksum driver, which allows attackers to cause a denial of service\n (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.\n (CVE-2018-1094)\n\n - Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between\n virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow\n local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device\n file. (CVE-2018-1118)\n\n - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a\n process's memory containing command line arguments (or environment strings), an attacker can cause\n utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the\n /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some\n controlled time (as a synchronization primitive for other attacks). (CVE-2018-1120)\n\n - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which\n allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified\n other impact. (CVE-2018-5344)\n\n - The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to\n cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large\n pgoff argument to the remap_file_pages system call. (CVE-2018-7740)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a\n file in a crafted ext4 filesystem image. (CVE-2018-10879)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (CVE-2018-10883)\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a\n double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part\n of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for\n privilege escalation. (CVE-2018-10902)\n\n - The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows\n local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out\n kernel memory. (CVE-2018-10940)\n\n - Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input\n validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware\n assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very\n large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..\n (CVE-2018-1000026)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-3083.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-957.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-3083');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-957.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-28T13:14:47", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThis kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed: CVE-2016-10741:\nfs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010).\n\nCVE-2017-1000407: By flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021).\n\nCVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).\n\nCVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240).\n\nCVE-2017-7472: The KEYS subsystem allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862).\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host.\nDepending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n(bnc#1107829).\n\nCVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-18281: The mremap() syscall performed TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-19985: The function hso_get_config_data in drivers/net/usb/hso.c read if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allowed arbitrary read in the kernel address space (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). The line discipline was disabled.\n\nCVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered (bnc#1120758).\n\nCVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found (bnc#1120758).\n\nCVE-2019-3882: A flaw was found vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).\n(bnc#1131416 bnc#1131427).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).\n\nCVE-2019-7221: The KVM implementation had a Use-after-Free (bnc#1124732).\n\nCVE-2019-7222: The KVM implementation had an Information Leak (bnc#1124735).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10741", "CVE-2017-1000407", "CVE-2017-16533", "CVE-2017-7273", "CVE-2017-7472", "CVE-2018-10940", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-16658", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-5391", "CVE-2018-9516", "CVE-2018-9568", "CVE-2019-11091", "CVE-2019-11486", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8564", "CVE-2019-9213", "CVE-2019-9503"], "modified": "2020-01-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:lttng-modules", "p-cpe:/a:novell:suse_linux:lttng-modules-debugsource", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1289-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125283", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1289-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125283);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/24\");\n\n script_cve_id(\"CVE-2016-10741\", \"CVE-2017-1000407\", \"CVE-2017-16533\", \"CVE-2017-7273\", \"CVE-2017-7472\", \"CVE-2018-10940\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-16658\", \"CVE-2018-16884\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-19407\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-5391\", \"CVE-2018-9516\", \"CVE-2018-9568\", \"CVE-2019-11091\", \"CVE-2019-11486\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3882\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2019-8564\", \"CVE-2019-9213\", \"CVE-2019-9503\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThis kernel update contains software mitigations for these issues,\nwhich also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed: CVE-2016-10741:\nfs/xfs/xfs_aops.c allowed local users to cause a denial of service\n(system crash) because there is a race condition between direct and\nmemory-mapped I/O (associated with a hole) that is handled with BUG_ON\ninstead of an I/O failure (bnc#1114920 bnc#1124010).\n\nCVE-2017-1000407: By flooding the diagnostic port 0x80 an exception\ncan be triggered leading to a kernel panic (bnc#1071021).\n\nCVE-2017-16533: The usbhid_parse function in\ndrivers/hid/usbhid/hid-core.c allowed local users to cause a denial of\nservice (out-of-bounds read and system crash) or possibly have\nunspecified other impact via a crafted USB device (bnc#1066674).\n\nCVE-2017-7273: The cp_report_fixup function in\ndrivers/hid/hid-cypress.c allowed physically proximate attackers to\ncause a denial of service (integer underflow) or possibly have\nunspecified other impact via a crafted HID report (bnc#1031240).\n\nCVE-2017-7472: The KEYS subsystem allowed local users to cause a\ndenial of service (memory consumption) via a series of\nKEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls\n(bnc#1034862).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in the\nLinux kernel in a way an authentication request from an ISCSI\ninitiator is processed. An unauthenticated remote attacker can cause a\nstack buffer overflow and smash up to 17 bytes of the stack. The\nattack requires the iSCSI target to be enabled on the victim host.\nDepending on how the target's code was built (i.e. depending on a\ncompiler, compile flags and hardware architecture) an attack may lead\nto a system crash and thus to a denial-of-service or possibly to a\nnon-authorized access to data exported by an iSCSI target.\n(bnc#1107829).\n\nCVE-2018-15572: The spectre_v2_select_mitigation function in\narch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context\nswitch, which made it easier for attackers to conduct\nuserspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-18281: The mremap() syscall performed TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-19985: The function hso_get_config_data in\ndrivers/net/usb/hso.c read if_num from the USB device (as a u8) and\nuses it to index a small array, resulting in an object out-of-bounds\n(OOB) read that potentially allowed arbitrary read in the kernel\naddress space (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-5391: The Linux kernel was vulnerable to a denial of service\nattack with low rates of specially modified packets targeting IP\nfragment re-assembly. An attacker may cause a denial of service\ncondition by sending specially crafted IP fragments. Various\nvulnerabilities in IP fragmentation have been discovered and fixed\nover the years. The current vulnerability (CVE-2018-5391) became\nexploitable in the Linux kernel with the increase of the IP fragment\nreassembly queue size (bnc#1103097).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution\nprivileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation. (bnc#1118319).\n\nCVE-2019-11486: The Siemens R3964 line discipline driver in\ndrivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). The\nline discipline was disabled.\n\nCVE-2019-3459: A heap address information leak while using\nL2CAP_GET_CONF_OPT was discovered (bnc#1120758).\n\nCVE-2019-3460: A heap data infoleak in multiple locations including\nL2CAP_PARSE_CONF_RSP was found (bnc#1120758).\n\nCVE-2019-3882: A flaw was found vfio interface implementation that\npermitted violation of the user's locked memory limit. If a device is\nbound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service (DoS).\n(bnc#1131416 bnc#1131427).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free (bnc#1124728).\n\nCVE-2019-7221: The KVM implementation had a Use-after-Free\n(bnc#1124732).\n\nCVE-2019-7222: The KVM implementation had an Information Leak\n(bnc#1124735).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the\nmmap minimum address, which made it easier for attackers to exploit\nkernel NULL pointer dereferences on non-SMAP platforms. This is\nrelated to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-9503: Multiple brcmfmac frame validation bypasses have been\nfixed (bnc#1132828).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19824/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19985/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5391/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9516/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9568/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3459/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3460/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7221/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7222/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8564/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cefbff4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1289=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1289=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2019-1289=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-2.7.0-4.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.7.0-4.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.110-4.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.110-4.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.110.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.110.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-03-11T15:42:24", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - A weakness was found in the Linux ASLR implementation.\n Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited. (CVE-2016-3672)\n\n - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2016-7913)\n\n - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-0861)\n\n - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value. (CVE-2017-1000252)\n\n - Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407)\n\n - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space. (CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use- after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-10661)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS.\n (CVE-2017-12154)\n\n - It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page.\n bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n (CVE-2017-12190)\n\n - A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory. (CVE-2017-13305)\n\n - A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption.\n This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. (CVE-2017-15129)\n\n - A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. (CVE-2017-15265)\n\n - A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops).\n (CVE-2017-15274)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.\n (CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. (CVE-2017-17449)\n\n - The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable. (CVE-2017-17805)\n\n - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-18017)\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker. (CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation.\n (CVE-2017-9725)\n\n - In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2018-1000004)\n\n - Improper validation in the bnx2x network card driver of the Linux kernel version 4.15 can allow for denial of service (DoS) attacks via a packet with a gso_size larger than ~9700 bytes. Untrusted guest VMs can exploit this vulnerability in the host machine, causing a crash in the network card. (CVE-2018-1000026)\n\n - By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).\n (CVE-2018-1120)\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.\n (CVE-2018-17972)\n\n - A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects.\n (CVE-2018-18397)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. (CVE-2018-18690)\n\n - A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. (CVE-2018-5344)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. (CVE-2018-5750)\n\n - An error in the _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)\n\n - In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ie_len argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2018-5848)\n\n - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. (CVE-2018-7566)\n\n - A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker. (CVE-2018-9568)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-3672", "CVE-2016-7913", "CVE-2017-0861", "CVE-2017-1000252", "CVE-2017-1000407", "CVE-2017-1000410", "CVE-2017-10661", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-13305", "CVE-2017-15129", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17805", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18208", "CVE-2017-9725", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-17972", "CVE-2018-18397", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7566", "CVE-2018-9568"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/127281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0074. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127281);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-3672\",\n \"CVE-2016-7913\",\n \"CVE-2017-0861\",\n \"CVE-2017-9725\",\n \"CVE-2017-10661\",\n \"CVE-2017-12154\",\n \"CVE-2017-12190\",\n \"CVE-2017-13305\",\n \"CVE-2017-15129\",\n \"CVE-2017-15265\",\n \"CVE-2017-15274\",\n \"CVE-2017-17448\",\n \"CVE-2017-17449\",\n \"CVE-2017-17558\",\n \"CVE-2017-17805\",\n \"CVE-2017-18017\",\n \"CVE-2017-18203\",\n \"CVE-2017-18208\",\n \"CVE-2017-1000252\",\n \"CVE-2017-1000407\",\n \"CVE-2017-1000410\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5750\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7566\",\n \"CVE-2018-9568\",\n \"CVE-2018-17972\",\n \"CVE-2018-18397\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000004\",\n \"CVE-2018-1000026\"\n );\n script_bugtraq_id(102329);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - Integer overflow in the aio_setup_single_vector function\n in fs/aio.c in the Linux kernel 4.0 allows local users\n to cause a denial of service or possibly have\n unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701\n regression. (CVE-2015-8830)\n\n - A weakness was found in the Linux ASLR implementation.\n Any user able to running 32-bit applications in a x86\n machine can disable ASLR by setting the RLIMIT_STACK\n resource to unlimited. (CVE-2016-3672)\n\n - The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n before 4.6 allows local users to gain privileges or\n cause a denial of service (use-after-free) via vectors\n involving omission of the firmware name from a certain\n data structure. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely. (CVE-2016-7913)\n\n - Use-after-free vulnerability in the snd_pcm_info()\n function in the ALSA subsystem in the Linux kernel\n allows attackers to induce a kernel memory corruption\n and possibly crash or lock up a system. Due to the\n nature of the flaw, a privilege escalation cannot be\n fully ruled out, although we believe it is unlikely.\n (CVE-2017-0861)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value. (CVE-2017-1000252)\n\n - Linux kernel Virtualization Module (CONFIG_KVM) for the\n Intel processor family (CONFIG_KVM_INTEL) is vulnerable\n to a DoS issue. It could occur if a guest was to flood\n the I/O port 0x80 with write requests. A guest user\n could use this flaw to crash the host kernel resulting\n in DoS. (CVE-2017-1000407)\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can be\n sent to an attacker leaking data in kernel address\n space. (CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before\n version 4.11-rc1 in 'fs/timerfd.c' file which allows a\n local user to cause a kernel list corruption or use-\n after-free via simultaneous operations with a file\n descriptor which leverage improper 'might_cancel'\n queuing. An unprivileged local user could use this flaw\n to cause a denial of service of the system. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although we believe it is unlikely.\n (CVE-2017-10661)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization (nVMX) feature\n enabled (nested=1), is vulnerable to a crash due to\n disabled external interrupts. As L2 guest could access\n (r/w) hardware CR8 register of the host(L0). In a nested\n visualization setup, L2 guest user could use this flaw\n to potentially crash the host(L0) resulting in DoS.\n (CVE-2017-12154)\n\n - It was found that in the Linux kernel through v4.14-rc5,\n bio_map_user_iov() and bio_unmap_user() in 'block/bio.c'\n do unbalanced pages refcounting if IO vector has small\n consecutive buffers belonging to the same page.\n bio_add_pc_page() merges them into one, but the page\n reference is never dropped, causing a memory leak and\n possible system lockup due to out-of-memory condition.\n (CVE-2017-12190)\n\n - A flaw was found in the Linux kernel's implementation of\n valid_master_desc() in which a memory buffer would be\n compared to a userspace value with an incorrect size of\n comparison. By bruteforcing the comparison, an attacker\n could determine what was in memory after the description\n and possibly obtain sensitive information from kernel\n memory. (CVE-2017-13305)\n\n - A use-after-free vulnerability was found in a network\n namespaces code affecting the Linux kernel since\n v4.0-rc1 through v4.15-rc5. The function\n get_net_ns_by_id() does not check for the net::count\n value after it has found a peer network in netns_ids idr\n which could lead to double free and memory corruption.\n This vulnerability could allow an unprivileged local\n user to induce kernel memory corruption on the system,\n leading to a crash. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n it is thought to be unlikely. (CVE-2017-15129)\n\n - A use-after-free vulnerability was found when issuing an\n ioctl to a sound device. This could allow a user to\n exploit a race condition and create memory corruption or\n possibly privilege escalation. (CVE-2017-15265)\n\n - A flaw was found in the implementation of associative\n arrays where the add_key systemcall and KEYCTL_UPDATE\n operations allowed for a NULL payload with a nonzero\n length. When accessing the payload within this length\n parameters value, an unprivileged user could trivially\n cause a NULL pointer dereference (kernel oops).\n (CVE-2017-15274)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the\n Linux kernel through 4.14.4 does not require the\n CAP_NET_ADMIN capability for new, get, and del\n operations. This allows local users to bypass intended\n access restrictions because the nfnl_cthelper_list data\n structure is shared across all net namespaces.\n (CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in\n net/netlink/af_netlink.c in the Linux kernel, through\n 4.14.4, does not restrict observations of Netlink\n messages to a single net namespace, when CONFIG_NLMON is\n enabled. This allows local users to obtain sensitive\n information by leveraging the CAP_NET_ADMIN capability\n to sniff an nlmon interface for all Netlink activity on\n the system. (CVE-2017-17449)\n\n - The usb_destroy_configuration() function, in\n 'drivers/usb/core/config.c' in the USB core subsystem,\n in the Linux kernel through 4.14.5 does not consider the\n maximum number of configurations and interfaces before\n attempting to release resources. This allows local users\n to cause a denial of service, due to out-of-bounds write\n access, or possibly have unspecified other impact via a\n crafted USB device. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n we believe it is unlikely. (CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel,\n before 4.14.8, does not correctly handle zero-length\n inputs. This allows a local attacker the ability to use\n the AF_ALG-based skcipher interface to cause a denial of\n service (uninitialized-memory free and kernel crash) or\n have an unspecified other impact by executing a crafted\n sequence of system calls that use the blkcipher_walk\n API. Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 are\n vulnerable. (CVE-2017-17805)\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel before\n 4.11, and 4.9.x before 4.9.36, allows remote attackers\n to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact by\n leveraging the presence of xt_TCPMSS in an iptables\n action. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely. (CVE-2017-18017)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with CAP_SYS_ADMIN\n capability) can directly perform the ioctl operations\n for dm device creation and removal and this would\n typically be outside the direct control of the\n unprivileged attacker. (CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel allows\n local users to cause a denial of service (infinite loop)\n by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - A flaw was found where the kernel truncated the value\n used to indicate the size of a buffer which it would\n later become zero using an untruncated value. This can\n corrupt memory outside of the original allocation.\n (CVE-2017-9725)\n\n - In the Linux kernel versions 4.12, 3.10, 2.6, and\n possibly earlier, a race condition vulnerability exists\n in the sound system allowing for a potential deadlock\n and memory corruption due to use-after-free condition\n and thus denial of service. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely. (CVE-2018-1000004)\n\n - Improper validation in the bnx2x network card driver of\n the Linux kernel version 4.15 can allow for denial of\n service (DoS) attacks via a packet with a gso_size\n larger than ~9700 bytes. Untrusted guest VMs can exploit\n this vulnerability in the host machine, causing a crash\n in the network card. (CVE-2018-1000026)\n\n - By mmap()ing a FUSE-backed file onto a process's memory\n containing command line arguments (or environment\n strings), an attacker can cause utilities from psutils\n or procps (such as ps, w) or any other program which\n makes a read() call to the /proc//cmdline (or\n /proc//environ) files to block indefinitely (denial\n of service) or for some controlled time (as a\n synchronization primitive for other attacks).\n (CVE-2018-1120)\n\n - A null pointer dereference in dccp_write_xmit() function\n in net/dccp/output.c in the Linux kernel allows a local\n user to cause a denial of service by a number of certain\n crafted system calls. (CVE-2018-1130)\n\n - An issue was discovered in the proc_pid_stack function\n in fs/proc/base.c in the Linux kernel. An attacker with\n a local account can trick the stack unwinder code to\n leak stack contents to userspace. The fix allows only\n root to inspect the kernel stack of an arbitrary task.\n (CVE-2018-17972)\n\n - A flaw was found in the Linux kernel with files on tmpfs\n and hugetlbfs. An attacker is able to bypass file\n permissions on filesystems mounted with tmpfs/hugetlbs\n to modify a file and possibly disrupt normal system\n behavior. At this time there is an understanding there\n is no crash or privilege escalation but the impact of\n modifications on these filesystems of files in\n production systems may have adverse affects.\n (CVE-2018-18397)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to long\n form. (CVE-2018-18690)\n\n - A flaw was found in the Linux kernel's handling of\n loopback devices. An attacker, who has permissions to\n setup loopback disks, may create a denial of service or\n other unspecified actions. (CVE-2018-5344)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c\n in the Linux kernel, through 4.14.15, allows local users\n to obtain sensitive address information by reading dmesg\n data from an SBS HC printk call. (CVE-2018-5750)\n\n - An error in the _sctp_make_chunk() function\n (net/sctp/sm_make_chunk.c) when handling SCTP, packet\n length can be exploited by a malicious local user to\n cause a kernel crash and a DoS. (CVE-2018-5803)\n\n - In the function wmi_set_ie() in the Linux kernel the\n length validation code does not handle unsigned integer\n overflow properly. As a result, a large value of the\n ie_len argument can cause a buffer overflow and thus a\n memory corruption leading to a system crash or other or\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n we believe it is unlikely. (CVE-2018-5848)\n\n - ALSA sequencer core initializes the event pool on demand\n by invoking snd_seq_pool_init() when the first write\n happens and the pool is empty. A user can reset the pool\n size manually via ioctl concurrently, and this may lead\n to UAF or out-of-bound access. (CVE-2018-7566)\n\n - A possible memory corruption due to a type confusion was\n found in the Linux kernel in the sk_clone_lock()\n function in the net/core/sock.c. The possibility of\n local escalation of privileges cannot be fully ruled out\n for a local unprivileged attacker. (CVE-2018-9568)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0074\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18017\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.12.249.g1e2b4cb\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T15:06:52", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - A weakness was found in the Linux ASLR implementation.\n Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited. (CVE-2016-3672)\n\n - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2016-7913)\n\n - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-0861)\n\n - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value. (CVE-2017-1000252)\n\n - Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407)\n\n - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space. (CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use- after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-10661)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS.\n (CVE-2017-12154)\n\n - It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page.\n bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n (CVE-2017-12190)\n\n - A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory. (CVE-2017-13305)\n\n - A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption.\n This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. (CVE-2017-15129)\n\n - A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. (CVE-2017-15265)\n\n - A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops).\n (CVE-2017-15274)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.\n (CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. (CVE-2017-17449)\n\n - The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable. (CVE-2017-17805)\n\n - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-18017)\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker. (CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation.\n (CVE-2017-9725)\n\n - In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2018-1000004)\n\n - Improper validation in the bnx2x network card driver of the Linux kernel version 4.15 can allow for denial of service (DoS) attacks via a packet with a gso_size larger than ~9700 bytes. Untrusted guest VMs can exploit this vulnerability in the host machine, causing a crash in the network card. (CVE-2018-1000026)\n\n - By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).\n (CVE-2018-1120)\n\n - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.\n (CVE-2018-17972)\n\n - A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects.\n (CVE-2018-18397)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. (CVE-2018-18690)\n\n - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.\n (CVE-2018-3646)\n\n - A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. (CVE-2018-5344)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. (CVE-2018-5750)\n\n - An error in the _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)\n\n - In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ie_len argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2018-5848)\n\n - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. (CVE-2018-7566)\n\n - A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker. (CVE-2018-9568)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-3672", "CVE-2016-7913", "CVE-2017-0861", "CVE-2017-1000252", "CVE-2017-1000407", "CVE-2017-1000410", "CVE-2017-10661", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-13305", "CVE-2017-15129", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17805", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18208", "CVE-2017-9725", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-17972", "CVE-2018-18397", "CVE-2018-18690", "CVE-2018-3646", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7566", "CVE-2018-9568"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0070. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127272);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-3672\",\n \"CVE-2016-7913\",\n \"CVE-2017-0861\",\n \"CVE-2017-9725\",\n \"CVE-2017-10661\",\n \"CVE-2017-12154\",\n \"CVE-2017-12190\",\n \"CVE-2017-13305\",\n \"CVE-2017-15129\",\n \"CVE-2017-15265\",\n \"CVE-2017-15274\",\n \"CVE-2017-17448\",\n \"CVE-2017-17449\",\n \"CVE-2017-17558\",\n \"CVE-2017-17805\",\n \"CVE-2017-18017\",\n \"CVE-2017-18203\",\n \"CVE-2017-18208\",\n \"CVE-2017-1000252\",\n \"CVE-2017-1000407\",\n \"CVE-2017-1000410\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-3646\",\n \"CVE-2018-5344\",\n \"CVE-2018-5750\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7566\",\n \"CVE-2018-9568\",\n \"CVE-2018-17972\",\n \"CVE-2018-18397\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000004\",\n \"CVE-2018-1000026\"\n );\n script_bugtraq_id(102329);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - Integer overflow in the aio_setup_single_vector function\n in fs/aio.c in the Linux kernel 4.0 allows local users\n to cause a denial of service or possibly have\n unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701\n regression. (CVE-2015-8830)\n\n - A weakness was found in the Linux ASLR implementation.\n Any user able to running 32-bit applications in a x86\n machine can disable ASLR by setting the RLIMIT_STACK\n resource to unlimited. (CVE-2016-3672)\n\n - The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n before 4.6 allows local users to gain privileges or\n cause a denial of service (use-after-free) via vectors\n involving omission of the firmware name from a certain\n data structure. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely. (CVE-2016-7913)\n\n - Use-after-free vulnerability in the snd_pcm_info()\n function in the ALSA subsystem in the Linux kernel\n allows attackers to induce a kernel memory corruption\n and possibly crash or lock up a system. Due to the\n nature of the flaw, a privilege escalation cannot be\n fully ruled out, although we believe it is unlikely.\n (CVE-2017-0861)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value. (CVE-2017-1000252)\n\n - Linux kernel Virtualization Module (CONFIG_KVM) for the\n Intel processor family (CONFIG_KVM_INTEL) is vulnerable\n to a DoS issue. It could occur if a guest was to flood\n the I/O port 0x80 with write requests. A guest user\n could use this flaw to crash the host kernel resulting\n in DoS. (CVE-2017-1000407)\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can be\n sent to an attacker leaking data in kernel address\n space. (CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before\n version 4.11-rc1 in 'fs/timerfd.c' file which allows a\n local user to cause a kernel list corruption or use-\n after-free via simultaneous operations with a file\n descriptor which leverage improper 'might_cancel'\n queuing. An unprivileged local user could use this flaw\n to cause a denial of service of the system. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although we believe it is unlikely.\n (CVE-2017-10661)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization (nVMX) feature\n enabled (nested=1), is vulnerable to a crash due to\n disabled external interrupts. As L2 guest could access\n (r/w) hardware CR8 register of the host(L0). In a nested\n visualization setup, L2 guest user could use this flaw\n to potentially crash the host(L0) resulting in DoS.\n (CVE-2017-12154)\n\n - It was found that in the Linux kernel through v4.14-rc5,\n bio_map_user_iov() and bio_unmap_user() in 'block/bio.c'\n do unbalanced pages refcounting if IO vector has small\n consecutive buffers belonging to the same page.\n bio_add_pc_page() merges them into one, but the page\n reference is never dropped, causing a memory leak and\n possible system lockup due to out-of-memory condition.\n (CVE-2017-12190)\n\n - A flaw was found in the Linux kernel's implementation of\n valid_master_desc() in which a memory buffer would be\n compared to a userspace value with an incorrect size of\n comparison. By bruteforcing the comparison, an attacker\n could determine what was in memory after the description\n and possibly obtain sensitive information from kernel\n memory. (CVE-2017-13305)\n\n - A use-after-free vulnerability was found in a network\n namespaces code affecting the Linux kernel since\n v4.0-rc1 through v4.15-rc5. The function\n get_net_ns_by_id() does not check for the net::count\n value after it has found a peer network in netns_ids idr\n which could lead to double free and memory corruption.\n This vulnerability could allow an unprivileged local\n user to induce kernel memory corruption on the system,\n leading to a crash. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n it is thought to be unlikely. (CVE-2017-15129)\n\n - A use-after-free vulnerability was found when issuing an\n ioctl to a sound device. This could allow a user to\n exploit a race condition and create memory corruption or\n possibly privilege escalation. (CVE-2017-15265)\n\n - A flaw was found in the implementation of associative\n arrays where the add_key systemcall and KEYCTL_UPDATE\n operations allowed for a NULL payload with a nonzero\n length. When accessing the payload within this length\n parameters value, an unprivileged user could trivially\n cause a NULL pointer dereference (kernel oops).\n (CVE-2017-15274)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the\n Linux kernel through 4.14.4 does not require the\n CAP_NET_ADMIN capability for new, get, and del\n operations. This allows local users to bypass intended\n access restrictions because the nfnl_cthelper_list data\n structure is shared across all net namespaces.\n (CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in\n net/netlink/af_netlink.c in the Linux kernel, through\n 4.14.4, does not restrict observations of Netlink\n messages to a single net namespace, when CONFIG_NLMON is\n enabled. This allows local users to obtain sensitive\n information by leveraging the CAP_NET_ADMIN capability\n to sniff an nlmon interface for all Netlink activity on\n the system. (CVE-2017-17449)\n\n - The usb_destroy_configuration() function, in\n 'drivers/usb/core/config.c' in the USB core subsystem,\n in the Linux kernel through 4.14.5 does not consider the\n maximum number of configurations and interfaces before\n attempting to release resources. This allows local users\n to cause a denial of service, due to out-of-bounds write\n access, or possibly have unspecified other impact via a\n crafted USB device. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n we believe it is unlikely. (CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel,\n before 4.14.8, does not correctly handle zero-length\n inputs. This allows a local attacker the ability to use\n the AF_ALG-based skcipher interface to cause a denial of\n service (uninitialized-memory free and kernel crash) or\n have an unspecified other impact by executing a crafted\n sequence of system calls that use the blkcipher_walk\n API. Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 are\n vulnerable. (CVE-2017-17805)\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel before\n 4.11, and 4.9.x before 4.9.36, allows remote attackers\n to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact by\n leveraging the presence of xt_TCPMSS in an iptables\n action. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely. (CVE-2017-18017)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with CAP_SYS_ADMIN\n capability) can directly perform the ioctl operations\n for dm device creation and removal and this would\n typically be outside the direct control of the\n unprivileged attacker. (CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel allows\n local users to cause a denial of service (infinite loop)\n by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - A flaw was found where the kernel truncated the value\n used to indicate the size of a buffer which it would\n later become zero using an untruncated value. This can\n corrupt memory outside of the original allocation.\n (CVE-2017-9725)\n\n - In the Linux kernel versions 4.12, 3.10, 2.6, and\n possibly earlier, a race condition vulnerability exists\n in the sound system allowing for a potential deadlock\n and memory corruption due to use-after-free condition\n and thus denial of service. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely. (CVE-2018-1000004)\n\n - Improper validation in the bnx2x network card driver of\n the Linux kernel version 4.15 can allow for denial of\n service (DoS) attacks via a packet with a gso_size\n larger than ~9700 bytes. Untrusted guest VMs can exploit\n this vulnerability in the host machine, causing a crash\n in the network card. (CVE-2018-1000026)\n\n - By mmap()ing a FUSE-backed file onto a process's memory\n containing command line arguments (or environment\n strings), an attacker can cause utilities from psutils\n or procps (such as ps, w) or any other program which\n makes a read() call to the /proc//cmdline (or\n /proc//environ) files to block indefinitely (denial\n of service) or for some controlled time (as a\n synchronization primitive for other attacks).\n (CVE-2018-1120)\n\n - A null pointer dereference in dccp_write_xmit() function\n in net/dccp/output.c in the Linux kernel allows a local\n user to cause a denial of service by a number of certain\n crafted system calls. (CVE-2018-1130)\n\n - An issue was discovered in the proc_pid_stack function\n in fs/proc/base.c in the Linux kernel. An attacker with\n a local account can trick the stack unwinder code to\n leak stack contents to userspace. The fix allows only\n root to inspect the kernel stack of an arbitrary task.\n (CVE-2018-17972)\n\n - A flaw was found in the Linux kernel with files on tmpfs\n and hugetlbfs. An attacker is able to bypass file\n permissions on filesystems mounted with tmpfs/hugetlbs\n to modify a file and possibly disrupt normal system\n behavior. At this time there is an understanding there\n is no crash or privilege escalation but the impact of\n modifications on these filesystems of files in\n production systems may have adverse affects.\n (CVE-2018-18397)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to long\n form. (CVE-2018-18690)\n\n - Modern operating systems implement virtualization of\n physical memory to efficiently use available system\n resources and provide inter-domain protection through\n access control and isolation. The L1TF issue was found\n in the way the x86 microprocessor designs have\n implemented speculative execution of instructions (a\n commonly used performance optimization) in combination\n with handling of page-faults caused by terminated\n virtual to physical address resolving process. As a\n result, an unprivileged attacker could use this flaw to\n read privileged memory of the kernel or other processes\n and/or cross guest/host boundaries to read host memory\n by conducting targeted cache side-channel attacks.\n (CVE-2018-3646)\n\n - A flaw was found in the Linux kernel's handling of\n loopback devices. An attacker, who has permissions to\n setup loopback disks, may create a denial of service or\n other unspecified actions. (CVE-2018-5344)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c\n in the Linux kernel, through 4.14.15, allows local users\n to obtain sensitive address information by reading dmesg\n data from an SBS HC printk call. (CVE-2018-5750)\n\n - An error in the _sctp_make_chunk() function\n (net/sctp/sm_make_chunk.c) when handling SCTP, packet\n length can be exploited by a malicious local user to\n cause a kernel crash and a DoS. (CVE-2018-5803)\n\n - In the function wmi_set_ie() in the Linux kernel the\n length validation code does not handle unsigned integer\n overflow properly. As a result, a large value of the\n ie_len argument can cause a buffer overflow and thus a\n memory corruption leading to a system crash or other or\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n we believe it is unlikely. (CVE-2018-5848)\n\n - ALSA sequencer core initializes the event pool on demand\n by invoking snd_seq_pool_init() when the first write\n happens and the pool is empty. A user can reset the pool\n size manually via ioctl concurrently, and this may lead\n to UAF or out-of-bound access. (CVE-2018-7566)\n\n - A possible memory corruption due to a type confusion was\n found in the Linux kernel in the sk_clone_lock()\n function in the net/core/sock.c. The possibility of\n local escalation of privileges cannot be fully ruled out\n for a local unprivileged attacker. (CVE-2018-9568)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0070\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18017\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-27T18:34:07", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-18386", "CVE-2018-16658"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191027", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1027\");\n script_version(\"2020-01-23T11:28:07+0000\");\n script_cve_id(\"CVE-2018-16658\", \"CVE-2018-18386\", \"CVE-2018-18690\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:28:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:28:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1027)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1027\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1027\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1027 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking.(CVE-2018-16658)\n\nIn the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\nA security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler.(CVE-2018-18386)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h158\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3848-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2017-18174", "CVE-2018-18710", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843859", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3848_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3848-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843859\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-18174\", \"CVE-2018-12896\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:23:59 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux USN-3848-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3848-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3848-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3848-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a double free existed in the AMD GPIO driver in the\nLinux kernel. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1039-kvm\", ver:\"4.4.0-1039.45\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1074-aws\", ver:\"4.4.0-1074.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1102-raspi2\", ver:\"4.4.0-1102.110\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1106-snapdragon\", ver:\"4.4.0-1106.111\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-generic\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-generic-lpae\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-lowlatency\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc-e500mc\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc-smp\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc64-emb\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc64-smp\", ver:\"4.4.0-141.167\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1074.76\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1039.38\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.141.147\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1102.102\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1106.98\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3848-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2017-18174", "CVE-2018-18710", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843858", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843858", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3848_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3848-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843858\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-18174\", \"CVE-2018-12896\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:23:49 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux-aws USN-3848-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3848-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3848-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the USN-3848-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that a double free existed in the AMD GPIO driver in the\nLinux kernel. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1037-aws\", ver:\"4.4.0-1037.40\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-generic\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-generic-lpae\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-lowlatency\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc-e500mc\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc-smp\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc64-emb\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-141-powerpc64-smp\", ver:\"4.4.0-141.167~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1037.37\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.141.121\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:36:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-21T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3817-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10940", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-16658", "CVE-2018-9516"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852140", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852140", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852140\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\",\n \"CVE-2018-9516\", \"CVE-2018-10940\", \"CVE-2018-16658\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-21 06:04:01 +0100 (Wed, 21 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3817-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3817-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00028.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the openSUSE-SU-2018:3817-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was\n updated to 4.4.162 to receive various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping\n pagetable locks. If a syscall such as ftruncate() removes entries from\n the pagetables of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to a physical page\n after it has been released back to the page allocator and reused.\n (bnc#1113769).\n\n - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\n drivers/cdrom/cdrom.c could be used by local attackers to read kernel\n memory because a cast from unsigned long to int interferes with bounds\n checking. This is similar to CVE-2018-10940 and CVE-2018-16658\n (bnc#1113751).\n\n - CVE-2018-18690: A local attacker able to set attributes on an xfs\n filesystem could make this filesystem non-operational until the next\n mount by triggering an unchecked error condition during an xfs attribute\n change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c\n mishandled ATTR_REPLACE operations with conversion of an attr from short\n to long form (bnc#1105025).\n\n - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\n able to access pseudo terminals) to hang/block further usage of any\n pseudo terminal devices due to an EXTPROC versus ICANON confusion in\n TIOCINQ (bnc#1094825).\n\n - CVE-2018-9516: A lack of certain checks in the hid_debug_events_read()\n function in the drivers/hid/hid-debug.c file might have resulted in\n receiving userspace buffer overflow and an out-of-bounds write or to the\n infinite loop. (bnc#1108498).\n\n The following non-security bugs were fixed:\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic\n (bnc#1012382).\n\n - Add azure kernel description.\n\n - Add bug reference to\n patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack-fix1.patch\n\n - Add graphviz to buildreq for image conversion\n\n - Add reference to bsc#1104124 to\n patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-counting-agai.patch\n\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).\n\n - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760\n (bnc#1012382).\n\n - apparmor: remove no-op permission check in policy_unpack (git-fixes).\n\n - ARC: build: Get rid of toolchain check (bnc#1012382).\n\n - ARC: clone syscall to setp r25 as thread pointer (bnc#1012382).\n\n - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382).\n\n - arch-symbols: use bash as interpreter since the script uses bashism.\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.162~78.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3847-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843861", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3847_3.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-azure USN-3847-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843861\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:24:27 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux-azure USN-3847-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3847-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3847-3/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the USN-3847-3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux-azure on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-azure\", ver:\"4.15.0-1036.38~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1036.23\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws-hwe USN-3847-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843860", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3847_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws-hwe USN-3847-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843860\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:24:09 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux-aws-hwe USN-3847-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3847-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3847-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws-hwe'\n package(s) announced via the USN-3847-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux-aws-hwe on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1026-gcp\", ver:\"4.15.0-1026.27~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1031-aws\", ver:\"4.15.0-1031.33~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-azure\", ver:\"4.15.0-1036.38~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic\", ver:\"4.15.0-43.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic-lpae\", ver:\"4.15.0-43.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-lowlatency\", ver:\"4.15.0-43.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1031.32\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1036.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1026.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.43.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.43.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1026.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.43.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3847-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843856", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3847_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3847-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843856\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:23:07 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux USN-3847-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3847-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3847-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3847-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\n\n Note: According to the USN the package names for this update where changed from e.g.\n linux-image-4.15.0-42-generic to linux-image-4.15.0-43-generic. Due to this please\n make sure to install the kernel package containing the -43- part within its name.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1026-gcp\", ver:\"4.15.0-1026.27\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1028-kvm\", ver:\"4.15.0-1028.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1030-oem\", ver:\"4.15.0-1030.35\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1030-raspi2\", ver:\"4.15.0-1030.32\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1031-aws\", ver:\"4.15.0-1031.33\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-azure\", ver:\"4.15.0-1036.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n # nb: According to USN 3847 the kernel updates have been given a new version number.\n # The package names where changed from e.g. linux-image-4.15.0-42-generic to\n # linux-image-4.15.0-43-generic so we need to check for both here:\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic-lpae\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-lowlatency\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-snapdragon\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-generic\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-generic-lpae\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-lowlatency\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-snapdragon\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1031.30\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1036.36\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1026.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1026.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1028.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1030.35\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1030.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3849-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-16276", "CVE-2017-2647", "CVE-2018-18386", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843857", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3849_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3849-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843857\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-2647\", \"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:23:25 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux USN-3849-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3849-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3849-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3849-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a NULL pointer dereference existed in the keyring\nsubsystem of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the Linux\nkernel. A local attacker with access to pseudo terminal devices could use\nthis to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-generic\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-generic-lpae\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-lowlatency\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc-e500\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc-e500mc\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc-smp\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc64-emb\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc64-smp\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:07", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1220)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10878", "CVE-2018-18690", "CVE-2018-10881", "CVE-2018-13093", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-10879", "CVE-2018-13094"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191220", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191220", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1220\");\n script_version(\"2020-01-23T11:35:22+0000\");\n script_cve_id(\"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-17972\", \"CVE-2018-18690\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:35:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:35:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1220)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1220\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1220\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1220 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.CVE-2018-17972\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.CVE-2018-10883\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.CVE-2018-10878\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.CVE-2018-10879\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.CVE-2018-10881\n\nAn issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.CVE-2018-13094\n\nAn issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.CVE-2018-13093\n\nIn the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.CVE-2018-18690\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10_125\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10_125\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10_125\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10_125\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10_125\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.44.5.10_125\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-27T18:38:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1223)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10878", "CVE-2018-18690", "CVE-2018-10881", "CVE-2018-13093", "CVE-2018-10883", "CVE-2018-17972", "CVE-2019-5489", "CVE-2018-10879", "CVE-2018-13094"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191223", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1223\");\n script_version(\"2020-01-23T11:35:36+0000\");\n script_cve_id(\"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-17972\", \"CVE-2018-18690\", \"CVE-2019-5489\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:35:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:35:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1223)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1223\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1223\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1223 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.CVE-2019-5489\n\nAn issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.CVE-2018-17972\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.CVE-2018-10883\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.CVE-2018-10878\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.CVE-2018-10879\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.CVE-2018-10881\n\nAn issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.CVE-2018-13094\n\nAn issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.CVE-2018-13093\n\nIn the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesyst ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.1_51\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.1_51\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.1_51\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.1_51\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.1_51\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.1_51\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-27T18:33:21", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2018-18690", "CVE-2018-13093", "CVE-2018-14734", "CVE-2018-1130", "CVE-2018-15594", "CVE-2018-16658", "CVE-2018-14633", "CVE-2018-14634", "CVE-2018-13094"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191511", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1511\");\n script_version(\"2020-01-23T12:00:17+0000\");\n script_cve_id(\"CVE-2018-1130\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-14633\", \"CVE-2018-14634\", \"CVE-2018-14734\", \"CVE-2018-15594\", \"CVE-2018-16658\", \"CVE-2018-18690\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:00:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:00:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1511)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1511\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1511\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1511 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.(CVE-2018-1130)\n\nAn issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.(CVE-2018-13093)\n\nAn issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.(CVE-2018-13094)\n\nA vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.(CVE-2018-13405)\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-14633)\n\nAn integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.(CVE-2018-14634)\n\nA flaw was found in the Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows access to a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause a use-after-free bug and to induce kernel memory corruption ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-27T18:37:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1108", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-18690", "CVE-2018-10881", "CVE-2013-3076", "CVE-2019-3701", "CVE-2018-17972", "CVE-2018-18386", "CVE-2018-16658", "CVE-2018-14633", "CVE-2018-14646"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191028", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1028\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2013-3076\", \"CVE-2018-10878\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-1108\", \"CVE-2018-14633\", \"CVE-2018-14646\", \"CVE-2018-16658\", \"CVE-2018-17972\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2019-3701\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:28:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1028)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1028\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1028\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1028 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nAn issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).(CVE-2019-3701)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\nA flaw was found in the Linux kernel's ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data() is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)\n\nThe crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.(CVE-2013-3076)\n\n weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.(CVE-2018-1108)\n\nAn issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.(CVE-2018-17972)\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architectu ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.0.1.h80.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-02-05T16:42:24", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10878", "CVE-2018-18690", "CVE-2018-10881", "CVE-2018-5848", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-18386", "CVE-2018-16658", "CVE-2018-14633", "CVE-2018-5803", "CVE-2018-1092", "CVE-2018-1000026"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220181432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181432", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1432\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2018-1000026\", \"CVE-2018-10878\", \"CVE-2018-10881\", \"CVE-2018-1092\", \"CVE-2018-14633\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-5803\", \"CVE-2018-5848\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1432)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1432\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1432\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1432 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.(CVE-2018-5803)\n\nLinux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.(CVE-2018-1000026)\n\nThe Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.(CVE-2018-1092)\n\nIn the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ie_len argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5848)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-18386) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-02-05T16:38:48", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1484)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2672", "CVE-2017-18222", "CVE-2015-0569", "CVE-2016-7117", "CVE-2018-10878", "CVE-2018-18690", "CVE-2018-13100", "CVE-2015-3331", "CVE-2013-7266", "CVE-2015-5366", "CVE-2015-5307", "CVE-2017-6214", "CVE-2014-2678", "CVE-2017-1000410", "CVE-2016-4440", "CVE-2017-17052", "CVE-2015-2150", "CVE-2018-10087", "CVE-2014-8086", "CVE-2016-7914"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191484", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1484\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7266\", \"CVE-2014-2672\", \"CVE-2014-2678\", \"CVE-2014-8086\", \"CVE-2015-0569\", \"CVE-2015-2150\", \"CVE-2015-3331\", \"CVE-2015-5307\", \"CVE-2015-5366\", \"CVE-2016-4440\", \"CVE-2016-7117\", \"CVE-2016-7914\", \"CVE-2017-1000410\", \"CVE-2017-17052\", \"CVE-2017-18222\", \"CVE-2017-6214\", \"CVE-2018-10087\", \"CVE-2018-10878\", \"CVE-2018-13100\", \"CVE-2018-18690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:53:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1484)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1484\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1484\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1484 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux kernel, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data. This allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impacts.(CVE-2017-18222)\n\nA flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366)\n\nA use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.(CVE-2016-7117)\n\narch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.(CVE-2016-4440)\n\nIn the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nXen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.(CVE-2015-2150)\n\nThe assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an appl ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T19:30:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-1731-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2017-5753", "CVE-2018-13053", "CVE-2018-19824", "CVE-2018-18690", "CVE-2016-10741", "CVE-2018-5848", "CVE-2018-5953", "CVE-2018-16862", "CVE-2017-13305", "CVE-2018-18710", "CVE-2018-18281", "CVE-2019-7221", "CVE-2018-16884", "CVE-2019-3701", "CVE-2018-17972", "CVE-2019-6974", "CVE-2019-9213", "CVE-2018-20169", "CVE-2018-3639", "CVE-2019-3819", "CVE-2018-19985", "CVE-2018-12896", "CVE-2018-20511"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891731", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891731\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-10741\", \"CVE-2017-13305\", \"CVE-2017-5753\", \"CVE-2018-12896\", \"CVE-2018-13053\", \"CVE-2018-16862\", \"CVE-2018-16884\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20511\", \"CVE-2018-3639\", \"CVE-2018-5848\", \"CVE-2018-5953\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2019-9213\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-27 23:00:00 +0100 (Wed, 27 Mar 2019)\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-1731-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1731-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the DLA-1731-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2016-10741\n\nA race condition was discovered in XFS that would result in a\ncrash (BUG). A local user permitted to write to an XFS volume\ncould use this for denial of service.\n\nCVE-2017-5753\n\nFurther instances of code that was vulnerable to Spectre variant 1\n(bounds-check bypass) have been mitigated.\n\nCVE-2017-13305\n\nA memory over-read was discovered in the keys subsystem's\nencrypted key type. A local user could use this for denial of\nservice or possibly to read sensitive information.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass\n(SSB), a feature implemented in many processors, could be used to\nread sensitive information from another context. In particular,\ncode in a software sandbox may be able to read sensitive\ninformation from outside the sandbox. This issue is also known as\nSpectre variant 4.\n\nThis update fixes bugs in the mitigations for SSB for AMD\nprocessors.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan\nand connection requests, leading to a possible buffer overflow.\nOn systems using this driver, a local user with the CAP_NET_ADMIN\ncapability could use this for denial of service (memory corruption\nor crash) or potentially for privilege escalation.\n\nCVE-2018-5953\n\nThe swiotlb subsystem printed kernel memory addresses to the\nsystem log, which could help a local attacker to exploit other\nvulnerabilities.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX\ntimer implementation. These might have some security impact.\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team\ndiscovered that the cleancache memory management feature did not\ninvalidate cached data for deleted files. On Xen guests using the\ntmem driver, local users could potentially read data from other\nusers' deleted files if they were able to create new files on the\nsame volume.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting\nNFS shares in multiple network namespaces at the same time could\nlead to a user-after-free. Local users might be able to use this\nfor denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nThis can be mitigated by disabling unprivileged users from\ncreating user namespaces, which is the default in Debian.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked\nsensitive data from the kernel. These files are now only readable\nby users with the CAP_SYS_AD ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.16.64-1.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armel\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armhf\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-i386\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-common\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armel\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armhf\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-i386\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-common\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-armel\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-armhf\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-i386\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-common\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-armel\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-armhf\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-i386\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-common\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-686-pae-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-amd64-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-586\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-686-pae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-686-pae-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-amd64-dbg\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-armmp\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-armmp-lpae\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-ixp4xx\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-kirkwood\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-orion5x\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-versatile\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-6\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-7\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-8\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-5-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-6-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-7-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-8-amd64\", ver:\"3.16.64-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T19:29:15", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-18249\n\n A race condition was discovered in the disk space allocator of\n F2FS. A user with access to an F2FS volume could use this to cause\n a denial of service or other security impact.\n\nCVE-2018-1128, CVE-2018-1129\n\n The cephx authentication protocol used by Ceph was susceptible to\n replay attacks, and calculated signatures incorrectly. These\n vulnerabilities in the server required changes to authentication\n that are incompatible with existing clients. The kernel", "cvss3": {}, "published": "2019-03-19T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux-4.9 (DLA-1715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13053", "CVE-2018-14610", "CVE-2018-13096", "CVE-2018-18690", "CVE-2018-13100", "CVE-2018-13406", "CVE-2017-18249", "CVE-2018-5848", "CVE-2018-16862", "CVE-2018-5391", "CVE-2018-18710", "CVE-2018-18281", "CVE-2018-14614", "CVE-2018-15471", "CVE-2018-17972", "CVE-2018-14612", "CVE-2018-14611", "CVE-2018-19407", "CVE-2018-13097", "CVE-2018-1129", "CVE-2018-3639", "CVE-2018-1128", "CVE-2018-12896", "CVE-2018-14616", "CVE-2018-6554", "CVE-2018-14613"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891715", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891715\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-18249\", \"CVE-2018-1128\", \"CVE-2018-1129\", \"CVE-2018-12896\", \"CVE-2018-13053\",\n \"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13100\", \"CVE-2018-13406\", \"CVE-2018-14610\",\n \"CVE-2018-14611\", \"CVE-2018-14612\", \"CVE-2018-14613\", \"CVE-2018-14614\", \"CVE-2018-14616\",\n \"CVE-2018-15471\", \"CVE-2018-16862\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18690\",\n \"CVE-2018-18710\", \"CVE-2018-19407\", \"CVE-2018-3639\", \"CVE-2018-5391\", \"CVE-2018-5848\",\n \"CVE-2018-6554\");\n script_name(\"Debian LTS: Security Advisory for linux-4.9 (DLA-1715-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-19 00:00:00 +0100 (Tue, 19 Mar 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"linux-4.9 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.144-3.1~deb8u1. This version also includes fixes for Debian bugs\n#890034, #896911, #907581, #915229, #915231 and other fixes\nincluded in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-18249\n\n A race condition was discovered in the disk space allocator of\n F2FS. A user with access to an F2FS volume could use this to cause\n a denial of service or other security impact.\n\nCVE-2018-1128, CVE-2018-1129\n\n The cephx authentication protocol used by Ceph was susceptible to\n replay attacks, and calculated signatures incorrectly. These\n vulnerabilities in the server required changes to authentication\n that are incompatible with existing clients. The kernel's client\n code has now been updated to be compatible with the fixed server.\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-arm\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armel\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-i386\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common-rt\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-marvell\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armel\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armhf\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-i386\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common-rt\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-marvell\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-marvell\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-marvell\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64-dbg\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.7\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.8\", ver:\"4.9.144-3.1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T13:02:14", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon processors\n\nIt was discovered that a double free existed in the AMD GPIO driver in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18174", "CVE-2018-12896", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2018-12-20T00:00:00", "id": "USN-3848-1", "href": "https://ubuntu.com/security/notices/USN-3848-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:02:09", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that a double free existed in the AMD GPIO driver in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-18174)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18174", "CVE-2018-12896", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2018-12-20T00:00:00", "id": "USN-3848-2", "href": "https://ubuntu.com/security/notices/USN-3848-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:02:19", "description": "## Releases\n\n * Ubuntu 18.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oem \\- Linux kernel for OEM processors\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not \ncorrectly compute numeric bounds in some situations. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2018-12-20T00:00:00", "id": "USN-3847-1", "href": "https://ubuntu.com/security/notices/USN-3847-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:02:17", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n\nUSN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the Linux \nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A ph