In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel.
{"prion": [{"lastseen": "2023-08-16T08:38:36", "description": "In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-17T16:15:00", "type": "prion", "title": "CVE-2020-0404", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0404"], "modified": "2023-02-28T15:39:00", "id": "PRION:CVE-2020-0404", "href": "https://kb.prio-n.com/vulnerability/CVE-2020-0404", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhatcve": [{"lastseen": "2023-09-22T02:47:53", "description": "A flaw linked list corruption in the Linux kernel for USB Video Class driver functionality was found in the way user connects web camera to the USB port. 
A local user could use this flaw to crash the system.\n#### Mitigation\n\nTo mitigate this issue, prevent the module uvcvideo from being loaded. Please see <https://access.redhat.com/solutions/41278> for information on how to blacklist a kernel module to prevent it from loading automatically. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-25T07:53:01", "type": "redhatcve", "title": "CVE-2020-0404", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0404"], "modified": "2023-04-06T06:37:35", "id": "RH:CVE-2020-0404", "href": "https://access.redhat.com/security/cve/cve-2020-0404", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-09-28T17:44:02", "description": "In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list\ncorruption due to an unusual root cause. This could lead to local\nescalation of privilege in the kernel with no additional execution\nprivileges needed. 
User interaction is not needed for exploitation.Product:\nAndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream\nkernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-17T00:00:00", "type": "ubuntucve", "title": "CVE-2020-0404", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0404"], "modified": "2020-09-17T00:00:00", "id": "UB:CVE-2020-0404", "href": "https://ubuntu.com/security/CVE-2020-0404", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "osv": [{"lastseen": "2023-09-21T14:45:22", "description": "In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-01T00:00:00", "type": "osv", "title": "syzkaller \u203a usb/media/uvc: warning in uvc_scan_chain_forward/__list_add", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0404"], "modified": "2023-09-21T14:41:26", "id": "OSV:ASB-A-111893654", "href": "https://osv.dev/vulnerability/ASB-A-111893654", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "veracode": [{"lastseen": "2023-05-24T14:13:30", "description": "kernel is vulnerable to privilege escalation. There is a possible linked list corruption in `uvc_scan_chain_forward of uvc_driver.c` due to an unusual root cause which could lead to a local escalation of privileges in the library with no additional execution privileges needed. 
\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-25T00:43:07", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0404"], "modified": "2023-02-28T17:57:01", "id": "VERACODE:35676", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35676/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-09-29T06:16:38", "description": "In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-17T16:15:00", "type": "debiancve", "title": "CVE-2020-0404", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0404"], "modified": "2020-09-17T16:15:00", "id": "DEBIANCVE:CVE-2020-0404", "href": "https://security-tracker.debian.org/tracker/CVE-2020-0404", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-06-22T12:54:44", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. 
(CVE-2019-5489)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)\n\n - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)\n\n - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)\n\n - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list\n -- the list head is all zeroes, this results in a NULL pointer dereference. 
(CVE-2023-1095)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-07T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2023-0007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5489", "CVE-2020-0404", "CVE-2023-0394", "CVE-2023-1073", "CVE-2023-1074", "CVE-2023-1095"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2023-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/174014", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2023-0007.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174014);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-5489\",\n \"CVE-2020-0404\",\n \"CVE-2023-0394\",\n \"CVE-2023-1073\",\n \"CVE-2023-1074\",\n \"CVE-2023-1095\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2023-0007)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers\n to observe page cache access patterns of other processes on the same system, potentially allowing sniffing\n of secret information. (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in accessing public files from an\n Apache HTTP Server. 
(CVE-2019-5489)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network\n subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)\n\n - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a\n user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2023-1073)\n\n - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may\n occur when a user starts a malicious networking service and someone connects to this service. This could\n allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)\n\n - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the\n transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list\n -- the list head is all zeroes, this results in a NULL pointer dereference. 
(CVE-2023-1095)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-5489.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-0404.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2023-0394.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2023-1073.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2023-1074.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2023-1095.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2023-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5489\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-1073\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.73.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2023-0007');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.73.2.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.73.2.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var 
_release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-22T13:16:18", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12232 advisory.\n\n - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. 
nft_trans_destroy() calls list_del(), but the transaction was never placed on a list\n -- the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)\n\n - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)\n\n - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. 
(CVE-2023-1074)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-04T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5489", "CVE-2020-0404", "CVE-2023-0394", "CVE-2023-1073", "CVE-2023-1074", "CVE-2023-1095"], "modified": "2023-09-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2023-12232.NASL", "href": "https://www.tenable.com/plugins/nessus/173833", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12232.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173833);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/18\");\n\n script_cve_id(\n \"CVE-2019-5489\",\n \"CVE-2020-0404\",\n \"CVE-2023-0394\",\n \"CVE-2023-1073\",\n \"CVE-2023-1074\",\n \"CVE-2023-1095\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12232)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2023-12232 advisory.\n\n - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the\n 
transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list\n -- the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)\n\n - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network\n subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers\n to observe page cache access patterns of other processes on the same system, potentially allowing sniffing\n of secret information. (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in accessing public files from an\n Apache HTTP Server. (CVE-2019-5489)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a\n user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2023-1073)\n\n - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may\n occur when a user starts a malicious networking service and someone connects to this service. This could\n allow a local user to starve resources, causing a denial of service. 
(CVE-2023-1074)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12232.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5489\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-1073\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.73.2.el6uek', '4.1.12-124.73.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12232');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-doc-4.1.12-124.73.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.73.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.73.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n 
{'reference':'kernel-uek-debug-4.1.12-124.73.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.73.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.73.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.73.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.73.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.73.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.73.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.73.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.73.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if 
(!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T16:07:35", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. 
This is related to drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. (CVE-2020-0404)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14385)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. 
This highest threat from this vulnerability is to system availability.(CVE-2020-14390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-2011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-16166", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-2011.NASL", "href": "https://www.tenable.com/plugins/nessus/140959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140959);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-14385\",\n \"CVE-2020-14390\",\n \"CVE-2020-16166\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-2011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The Linux kernel through 5.7.11 allows remote attackers\n to make observations that help to obtain sensitive\n information about the internal state of the network\n RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and\n kernel/time/timer.c.(CVE-2020-16166)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the\n NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL\n support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered.(CVE-2020-24394)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A\n failure of the file system metadata validator in XFS\n can cause an inode with a valid, user-creatable\n extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise\n rendered inaccessible until it is remounted, leading to\n a denial of service. 
The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14385)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A flaw was found in the Linux kernel in versions from\n 2.2.3 through 5.9.rc5. When changing screen size, an\n out-of-bounds memory write can occur leading to memory\n corruption or a denial of service. This highest threat\n from this vulnerability is to system\n availability.(CVE-2020-14390)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2011\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82243a9c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14390\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-24394\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 
0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:24:49", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. (CVE-2020-0404) The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284) A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285) A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. (CVE-2020-14314) A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2176.NASL", "href": "https://www.tenable.com/plugins/nessus/141329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141329);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. 
The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/\n nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)A flaw\n was found in the Linux kernel before 5.9-rc4. A failure\n of the file system metadata validator in XFS can cause\n an inode with a valid, user-creatable extended\n attribute to be flagged as corrupt. This can lead to\n the filesystem being shutdown, or otherwise rendered\n inaccessible until it is remounted, leading to a denial\n of service. The highest threat from this vulnerability\n is to system availability.(CVE-2020-14385)In\n uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. 
User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)The rbd block device driver in\n drivers/block/rbd.c in the Linux kernel through 5.8.9\n used incomplete permission checking for access to rbd\n devices, which could be leveraged by local attackers to\n map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)A race condition\n between hugetlb sysctl handlers in mm/hugetlb.c in the\n Linux kernel before 5.8.8 could be used by local\n attackers to corrupt memory, cause a NULL pointer\n dereference, or possibly have unspecified other impact,\n aka CID-17743798d812.(CVE-2020-25285)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A flaw was found in the\n Linux kernel before 5.9-rc4. Memory corruption can be\n exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2176\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ba7a261\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.0.h208.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-06-02T15:36:18", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. 
This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14385) In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. (CVE-2020-0404) The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284) A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. (CVE-2020-14314)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0147", "CVE-2020-0404", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2166.NASL", "href": "https://www.tenable.com/plugins/nessus/141332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141332);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2019-0147\",\n \"CVE-2020-0404\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. 
The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A race condition between\n hugetlb sysctl handlers in mm/hugetlb.c in the Linux\n kernel before 5.8.8 could be used by local attackers to\n corrupt memory, cause a NULL pointer dereference, or\n possibly have unspecified other impact, aka\n CID-17743798d812.(CVE-2020-25285)A flaw was found in\n the Linux kernel before 5.9-rc4. Memory corruption can\n be exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)Insufficient input validation\n in i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)A TOCTOU\n mismatch in the NFS client code in the Linux kernel\n before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)In uvc_scan_chain_forward\n of uvc_driver.c, there is a possible linked list\n corruption due to an unusual root cause. This could\n lead to local escalation of privilege in the kernel\n with no additional execution privileges needed. 
User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream\n kernel(CVE-2020-0404)The rbd block device driver in\n drivers/block/rbd.c in the Linux kernel through 5.8.9\n used incomplete permission checking for access to rbd\n devices, which could be leveraged by local attackers to\n map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds\n read flaw was found in the Linux kernel before 5.9-rc2\n with the ext3/ext4 file system, in the way it accesses\n a directory with broken indexing. This flaw allows a\n local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14314)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2166\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af285e64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", 
cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T16:07:34", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.(CVE-2019-0145)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)In the Linux kernel before 5.7.8, fs/ nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects 
when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394) A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability. (CVE-2020-14385) The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284) In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. (CVE-2020-0404) A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0145", "CVE-2019-0147", "CVE-2020-0404", "CVE-2020-14385", "CVE-2020-24394", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2151.NASL", "href": "https://www.tenable.com/plugins/nessus/140999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140999);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2019-0145\",\n \"CVE-2019-0147\",\n \"CVE-2020-0404\",\n \"CVE-2020-14385\",\n \"CVE-2020-24394\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2151)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities 
:\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):Buffer overflow in i40e\n driver for Intel(R) Ethernet 700 Series Controllers\n versions before 7.0 may allow an authenticated user to\n potentially enable an escalation of privilege via local\n access.(CVE-2019-0145)Insufficient input validation in\n i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)In the Linux\n kernel through 5.8.7, local attackers able to inject\n conntrack netlink configuration could overflow a local\n buffer, causing crashes or triggering use of incorrect\n protocol numbers in ctnetlink_parse_tuple_filter in\n net/ netfilter/ nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)In the Linux kernel\n before 5.7.8, fs/ nfsd/vfs.c (in the NFS server) can\n set incorrect permissions on new filesystem objects\n when the filesystem lacks ACL support, aka\n CID-22cf8419f131. This occurs because the current umask\n is not considered.(CVE-2020-24394)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. 
This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)The rbd block device\n driver in drivers/block/rbd.c in the Linux kernel\n through 5.8.9 used incomplete permission checking for\n access to rbd devices, which could be leveraged by\n local attackers to map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)In\n uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)A TOCTOU mismatch in the NFS\n client code in the Linux kernel before 5.8.3 could be\n used by local attackers to corrupt memory or possibly\n have unspecified other impact because a size check is\n in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c,\n aka CID-b4487b935452.(CVE-2020-25212)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2151\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?830769f4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h839.eulerosv2r8.aarch64.rpmC\",\n \"kernel-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n 
\"kernel-tools-libs-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h839.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:41", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176423).\n\n - CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free.\n This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176725).\n\n - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176722).\n\n - CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation (bnc#1176721).\n\n - CVE-2020-14385: Fixed a boundary test in xfs_attr_shortform_verify which could lead to crashes (bsc#1176137).\n\n - CVE-2020-14390: When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1176235).\n\n - CVE-2020-2521: Fixed a getxattr kernel panic and memory overflow in NFS4(bsc#1176381).\n\n - CVE-2020-25284: Require global CAP_SYS_ADMIN for mapping and unmapping rbd devices (bsc#1176543).\n\n - CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a (bnc#1176990).\n\nThe following non-security bugs were fixed :\n\n - ALSA: asihpi: fix iounmap in error handler (git-fixes).\n\n - ALSA: ca0106: fix error code handling (git-fixes).\n\n - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).\n\n - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).\n\n - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).\n\n - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes).\n\n - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).\n\n - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes).\n\n - ALSA: hda: hdmi - add Rocketlake support (git-fixes).\n\n - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes).\n\n - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).\n\n - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).\n\n - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes).\n\n - ALSA: hda/realtek - 
The Mic on a RedmiBook does not work (git-fixes).\n\n - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes).\n\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).\n\n - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes).\n\n - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes).\n\n - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833).\n\n - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes).\n\n - ASoC: img-parallel-out: Fix a reference count leak (git-fixes).\n\n - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes).\n\n - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes).\n\n - ASoC: qcom: Set card->owner to avoid warnings (git-fixes).\n\n - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes).\n\n - ASoC: tegra: Fix reference count leaks (git-fixes).\n\n - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459).\n\n - batman-adv: Add missing include for in_interrupt() (git-fixes).\n\n - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).\n\n - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes).\n\n - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).\n\n - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes).\n\n - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes).\n\n - bcache: allocate meta data pages as compound pages (bsc#1172873).\n\n - bcache: 
Convert pr_<level> uses to a more typical style (git fixes (block drivers)).\n\n - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)).\n\n - blktrace: fix debugfs use after free (git fixes (block drivers)).\n\n - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)).\n\n - block: check queue's limits.discard_granularity in\n __blkdev_issue_discard() (bsc#1152148).\n\n - block: improve discard bio alignment in\n __blkdev_issue_discard() (bsc#1152148).\n\n - block: revert back to synchronous request_queue removal (git fixes (block drivers)).\n\n - block: Use non _rcu version of list functions for tag_set_list (git-fixes).\n\n - bluetooth: btrtl: Add support for RTL8761B (bsc#1177021).\n\n - bnxt: do not enable NAPI until rings are ready (git-fixes).\n\n - bnxt_en: Check for zero dir entries in NVRAM (git-fixes).\n\n - bnxt_en: Do not query FW when netif_running() is false (git-fixes).\n\n - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29).\n\n - bnxt_en: fix HWRM error when querying VF temperature (git-fixes).\n\n - bnxt_en: Fix PCI AER error recovery flow (git-fixes).\n\n - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29).\n\n - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29).\n\n - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29).\n\n - bonding: fix a potential double-unregister (git-fixes).\n\n - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518).\n\n - bpf: map_seq_next should always increase position index (bsc#1155518).\n\n - btrfs: add a leak check for roots (bsc#1176019).\n\n - btrfs: add __cold attribute to more functions (bsc#1176019).\n\n - btrfs: add dedicated members for start and length of a block group (bsc#1176019).\n\n - btrfs: Add 
read_backup_root (bsc#1176019).\n\n - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019).\n\n - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019).\n\n - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019).\n\n - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019).\n\n - btrfs: do not init a reloc root if we are not relocating (bsc#1176019).\n\n - btrfs: Do not use objectid_mutex during mount (bsc#1176019).\n\n - btrfs: drop block from cache on error in relocation (bsc#1176019).\n\n - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019).\n\n - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019).\n\n - btrfs: export and rename free_fs_info (bsc#1176019).\n\n - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019).\n\n - btrfs: Factor out tree roots initialization during mount (bsc#1176019).\n\n - btrfs: fix setting last_trans for reloc roots (bsc#1176019).\n\n - btrfs: free more things in btrfs_free_fs_info (bsc#1176019).\n\n - btrfs: free the reloc_control in a consistent way (bsc#1176019).\n\n - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019).\n\n - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019).\n\n - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n __btrfs_run_defrag_inode (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019).\n\n - btrfs: hold a ref on the root in 
btrfs_search_path_in_tree_user (bsc#1176019).\n\n - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019).\n\n - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019).\n\n - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019).\n\n - btrfs: hold a ref on the root in create_subvol (bsc#1176019).\n\n - btrfs: hold a ref on the root in find_data_references (bsc#1176019).\n\n - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019).\n\n - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019).\n\n - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019).\n\n - btrfs: hold a ref on the root in open_ctree (bsc#1176019).\n\n - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019).\n\n - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019).\n\n - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019).\n\n - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019).\n\n - btrfs: hold a ref on the root in search_ioctl (bsc#1176019).\n\n - btrfs: hold a ref on the root->reloc_root (bsc#1176019).\n\n - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019).\n\n - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019).\n\n - btrfs: implement full reflink support for inline extents (bsc#1176019).\n\n - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019).\n\n - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019).\n\n - btrfs: make the fs root init functions static (bsc#1176019).\n\n - btrfs: make the init of static elements in fs_info separate (bsc#1176019).\n\n - btrfs: move all reflink implementation code into its own file (bsc#1176019).\n\n - btrfs: move block_group_item::flags to block group (bsc#1176019).\n\n - btrfs: move block_group_item::used to block group (bsc#1176019).\n\n - btrfs: move fs_info init work into it's own helper function (bsc#1176019).\n\n - btrfs: move fs root 
init stuff into btrfs_init_fs_root (bsc#1176019).\n\n - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019).\n\n - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019).\n\n - btrfs: push grab_fs_root into read_fs_root (bsc#1176019).\n\n - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019).\n\n - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019).\n\n - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019).\n\n - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019).\n\n - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019).\n\n - btrfs: remove embedded block_group_cache::item (bsc#1176019).\n\n - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019).\n\n - btrfs: Remove unused next_root_backup function (bsc#1176019).\n\n - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019).\n\n - btrfs: rename btrfs_block_group_cache (bsc#1176019).\n\n - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019).\n\n - btrfs: rename extent buffer block group item accessors (bsc#1176019).\n\n - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019).\n\n - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789).\n\n - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019).\n\n - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019).\n\n - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019).\n\n - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019).\n\n - btrfs: tree-checker: fix the error message for transid error (bsc#1176788).\n\n - btrfs: unset reloc control if we fail to recover (bsc#1176019).\n\n - btrfs: use bool argument in free_root_pointers() (bsc#1176019).\n\n - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019).\n\n - btrfs: use btrfs_put_fs_root to free roots 
always (bsc#1176019).\n\n - ceph: do not allow setlease on cephfs (bsc#1176537).\n\n - ceph: fix potential mdsc use-after-free crash (bsc#1176538).\n\n - ceph: fix use-after-free for fsc->mdsc (bsc#1176539).\n\n - ceph: handle zero-length feature mask in session messages (bsc#1176540).\n\n - ceph: set sec_context xattr on symlink creation (bsc#1176541).\n\n - ceph: use frag's MDS in either mode (bsc#1176542).\n\n - cfg80211: regulatory: reject invalid hints (bsc#1176699).\n\n - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).\n\n - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).\n\n - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).\n\n - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).\n\n - clk: davinci: Use the correct size when allocating memory (git-fixes).\n\n - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).\n\n - cxgb4: fix thermal zone device registration (git-fixes).\n\n - dax: do not print error message for non-persistent memory block device (bsc#1171073).\n\n - dax: print error message by pr_info() in\n __generic_fsdax_supported() (bsc#1171073).\n\n - debugfs: Fix module state check condition (bsc#1173746).\n\n - debugfs: Fix module state check condition (git-fixes).\n\n - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29).\n\n - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).\n\n - dmaengine: acpi: Put the CSRT table after using it (git-fixes).\n\n - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes).\n\n - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes).\n\n - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes).\n\n - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes).\n\n - dm: do not call report zones for more than the user requested (git fixes (block 
drivers)).\n\n - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)).\n\n - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)).\n\n - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)).\n\n - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)).\n\n - dm zoned: assign max_io_len correctly (git fixes (block drivers)).\n\n - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08).\n\n - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).\n\n - driver-core: Introduce DEVICE_ATTR_ADMIN_(RO,RW) (bsc#1176486 ltc#188130).\n\n - drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877).\n\n - drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).\n\n - drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes).\n\n - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).\n\n - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).\n\n - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes).\n\n - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes).\n\n - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).\n\n - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes).\n\n - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).\n\n - drm/amdgpu/gfx10: refine mgcg setting (git-fixes).\n\n - drm/amdkfd: Fix reference count leaks (git-fixes).\n\n - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes).\n\n - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).\n\n - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).\n\n - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes).\n\n - drm/amd/powerplay: correct UVD/VCE PG state on 
custom pptable uploading (git-fixes).\n\n - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes).\n\n - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).\n\n - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472)\n\n - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472)\n\n - drm/msm/a6xx: fix crashdec section name typo (git-fixes).\n\n - drm/msm/adreno: fix updating ring fence (git-fixes).\n\n - drm/msm/gpu: make ringbuffer readonly (git-fixes).\n\n - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes).\n\n - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes).\n\n - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes).\n\n - drm/radeon: fix multiple reference count leak (git-fixes).\n\n - drm/radeon: Prefer lower feedback dividers (git-fixes).\n\n - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes).\n\n - drm/sun4i: add missing put_device() call in (bsc#1152472)\n\n - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472)\n\n - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472)\n\n - drm/sun4i: Fix dsi dcs long write function (bsc#1152472)\n\n - drm/virtio: fix missing dma_fence_put() in (bsc#1152489)\n\n - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).\n\n - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489).\n\n - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489).\n\n - EDAC: Fix reference count leaks (bsc#1152489).\n\n - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: avoid error message when booting under Xen (bsc#1172419).\n\n - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267).\n\n - efi: Mark all 
EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29).\n\n - epoll: atomically remove wait entry on wake up (bsc#1176236).\n\n - epoll: call final ep_events_available() check under the lock (bsc#1176237).\n\n - ext4: handle read only external journal device (bsc#1176063).\n\n - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes).\n\n - fbmem: pull fbcon_update_vcs() out of fb_set_var() (git-fixes).\n\n - felix: Fix initialization of ioremap resources (bsc#1175997).\n\n - Fix build error when CONFIG_ACPI is not set/enabled:\n (bsc#1065600).\n\n - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).\n\n - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775).\n\n - HID: core: Correctly handle ReportSize being zero (git-fixes).\n\n - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775).\n\n - HID: core: reformat and reduce hid_printk macros (bsc#1176775).\n\n - HID: core: Sanitize event code and type when mapping input (git-fixes).\n\n - HID: elan: Fix memleak in elan_input_configured (git-fixes).\n\n - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes).\n\n - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes).\n\n - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes).\n\n - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes).\n\n - HID: quirks: 
Always poll three more Lenovo PixArt mice (git-fixes).\n\n - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes).\n\n - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).\n\n - hv_netvsc: do not use VF device if link is down (git-fixes).\n\n - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes).\n\n - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes).\n\n - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).\n\n - hv_utils: return error if host timesysnc update is stale (bsc#1176877).\n\n - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).\n\n - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes).\n\n - i2c: i801: Fix resume bug (git-fixes).\n\n - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes).\n\n - i2c: rcar: in slave mode, clear NACK earlier (git-fixes).\n\n - i40e: Fix crash during removing i40e driver (git-fixes).\n\n - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).\n\n - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).\n\n - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).\n\n - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).\n\n - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).\n\n - iio: adc: mcp3422: fix locking on error path (git-fixes).\n\n - iio: adc: mcp3422: fix locking scope (git-fixes).\n\n - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).\n\n - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes).\n\n - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes).\n\n - iio:chemical:ccs811: Fix 
timestamp alignment and prevent data leak (git-fixes).\n\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).\n\n - iio:light:ltr501 Fix timestamp alignment issue (git-fixes).\n\n - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).\n\n - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes).\n\n - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes).\n\n - include/linux/poison.h: remove obsolete comment (git-fixes).\n\n - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - initramfs: remove clean_rootfs (git-fixes).\n\n - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes).\n\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).\n\n - Input: trackpoint - add new trackpoint variant IDs (git-fixes).\n\n - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358).\n\n - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358).\n\n - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357).\n\n - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358).\n\n - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359).\n\n - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360).\n\n - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361).\n\n - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362).\n\n - iommu/vt-d: Handle non-page aligned address (bsc#1176367).\n\n - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363).\n\n - iommu/vt-d: Serialize 
IOMMU GCMD register modifications (bsc#1176364).\n\n - iommu/vt-d: Support flushing more translation cache types (bsc#1176365).\n\n - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08).\n\n - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08).\n\n - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08).\n\n - irqdomain/treewide: Free firmware node after domain removal (git-fixes).\n\n - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes).\n\n - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi).\n\n - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/\n\n - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).\n\n - kernel-syms.spec.in: Also use bz compression (boo#1175882).\n\n - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459).\n\n - libbpf: Fix readelf output parsing for Fedora (bsc#1155518).\n\n - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518).\n\n - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).\n\n - libnvdimm: cover up struct nvdimm changes (bsc#1171742).\n\n - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).\n\n - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).\n\n - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. 
Update config files accordingly.\n\n - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).\n\n - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n\n - media: davinci: vpif_capture: fix potential double free (git-fixes).\n\n - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes).\n\n - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes).\n\n - mei: fix CNL itouch device number to match the spec (bsc#1175952).\n\n - mei: me: disable mei interface on LBG servers (bsc#1175952).\n\n - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).\n\n - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).\n\n - mlx4: disable device on shutdown (git-fixes).\n\n - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29).\n\n - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes).\n\n - mmc: mediatek: add optional module reset property (git-fixes).\n\n - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes).\n\n - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).\n\n - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes).\n\n - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes).\n\n - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes).\n\n - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)).\n\n - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)).\n\n - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)).\n\n - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)).\n\n - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)).\n\n - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)).\n\n - mm, thp: fix 
defrag setting if newline is not used (git fixes (mm/thp)).\n\n - move to sorted section:\n patches.suse/x86-asm-64-Align-start-of-__clear_user-loop\n -to-16-by.patch\n\n - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration (networking-stable-20_07_29).\n\n - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).\n\n - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29).\n\n - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).\n\n - net: enetc: fix an issue about leak system resources (bsc#1176000).\n\n - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes).\n\n - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08).\n\n - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587).\n\n - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15).\n\n - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08).\n\n - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15).\n\n - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001).\n\n - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).\n\n - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15).\n\n - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353).\n\n - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15).\n\n - net/smc: put slot when connection is killed (git-fixes).\n\n - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29).\n\n - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08).\n\n - net/tls: Fix kmap usage (networking-stable-20_08_15).\n\n - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29).\n\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).\n\n - 
nvme-fc: set max_segments to lldd max value (bsc#1176038).\n\n - nvme-pci: override the value of the controller's numa node (bsc#1176507).\n\n - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).\n\n - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes).\n\n - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08).\n\n - PCI: Add device even if driver attach failed (git-fixes).\n\n - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).\n\n - PCI: Fix pci_create_slot() reference count leak (git-fixes).\n\n - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).\n\n - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407).\n\n - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes).\n\n - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395).\n\n - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122).\n\n - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122).\n\n - powerpc: Add cputime_to_nsecs() (bsc#1065729).\n\n - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512).\n\n - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).\n\n - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962).\n\n - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).\n\n - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).\n\n - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).\n\n - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512).\n\n - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588).\n\n - powerpc/mm/radix: Create separate mappings for hot-plugged memory 
(bsc#1055186 ltc#153436).\n\n - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436).\n\n - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436).\n\n - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436).\n\n - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935).\n\n - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130).\n\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395).\n\n - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512).\n\n - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).\n\n - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729).\n\n - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29).\n\n - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017).\n\n - RDMA/bnxt_re: Fix the qp table indexing 
(bsc#1173017).\n\n - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774).\n\n - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774).\n\n - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017).\n\n - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774).\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes).\n\n - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381).\n\n - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes).\n\n - regulator: fix memory leak on error path of regulator_register() (git-fixes).\n\n - regulator: plug of_node leak in regulator_register()'s error path (git-fixes).\n\n - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes).\n\n - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes).\n\n - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes).\n\n - regulator: push allocations in create_regulator() outside of lock (git-fixes).\n\n - regulator: pwm: Fix machine constraints application (git-fixes).\n\n - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes).\n\n - Remove patch causing regression (bsc#1094244 ltc#168122).\n\n - Revert 'ALSA: hda: Add support for Loongson 7A1000 controller' (git-fixes).\n\n - Revert 'ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO' (git-fixes).\n\n - Revert 'ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control' (git-fixes).\n\n - Revert 'crypto: chelsio - Inline single pdu only' (git-fixes).\n\n - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600).\n\n - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).\n\n - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)\n\n - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).\n\n - 
rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).\n\n - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file.\n\n - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).\n\n - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08).\n\n - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29).\n\n - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449.\n\n - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes).\n\n - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes).\n\n - s390/maccess: add no DAT mode to kernel_write (bsc#1176449).\n\n - s390/mm: fix huge pte soft dirty copying (git-fixes).\n\n - s390/qeth: do not process empty bridge port events (git-fixes).\n\n - s390/qeth: integrate RX refill worker with NAPI (git-fixes).\n\n - s390/qeth: tolerate pre-filled RX buffer (git-fixes).\n\n - s390/setup: init jump labels before command line parsing (git-fixes).\n\n - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)).\n\n - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/fair: fix NOHZ next idle balance (bnc#1155798 
(CPU scheduler functional and performance backports)).\n\n - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).\n\n - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).\n\n - scsi: ibmvfc: Use compiler attribute defines instead of\n __attribute__() (bsc#1176962 ltc#188304).\n\n - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - scsi: libfc: Fix for double free() (bsc#1174899).\n\n - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899).\n\n - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).\n\n - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Correct some 
pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).\n\n - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 
bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n Replace patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-dr iver-devloss_tmo.patch with upstream version of the fix.\n\n - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).\n\n - scsi: qla2xxx: Fix the return value (bsc#1171688).\n\n - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).\n\n - scsi: qla2xxx: 
Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).\n\n - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).\n\n - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).\n\n - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes).\n\n - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688).\n\n - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes).\n\n - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29).\n\n - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29).\n\n - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).\n\n - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08).\n\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n\n - Set VIRTIO_CONSOLE=y (bsc#1175667).\n\n - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).\n\n - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).\n\n - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).\n\n - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).\n\n - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).\n\n - soundwire: fix double free of dangling pointer (git-fixes).\n\n - spi: Fix memory leak on splited transfers (git-fixes).\n\n - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).\n\n - spi: stm32: always perform registers configuration prior to transfer (git-fixes).\n\n - spi: stm32: clear only asserted irq flags on interrupt 
(git-fixes).\n\n - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes).\n\n - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes).\n\n - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes).\n\n - spi: stm32h7: fix race condition at end of transfer (git-fixes).\n\n - taprio: Fix using wrong queues in gate mask (bsc#1154353).\n\n - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08).\n\n - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15).\n\n - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes).\n\n - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes).\n\n - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes).\n\n - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes).\n\n - tracing: fix double free (git-fixes).\n\n - Update patches.suse/btrfs-add-dedicated-members-for-start-and-l ength-of-.patch (bsc#1176019).\n\n - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-e xtent-han.patch (bsc#1174484).\n\n - update to September 2020 maintenance update submission (commit 8bb516dc7a0a)\n\n - USB: cdc-acm: rework notification_buffer resizing (git-fixes).\n\n - usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).\n\n - usb: Fix out of sync data toggle if a configured device is reconfigured (git-fixes).\n\n - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).\n\n - usb: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes).\n\n - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).\n\n - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).\n\n - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes).\n\n - usb: host: xhci: fix ep context print mismatch in debugfs (git-fixes).\n\n - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).\n\n - 
USB: lvtest: return proper error code in probe (git-fixes).\n\n - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes).\n\n - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes).\n\n - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).\n\n - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).\n\n - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).\n\n - USB: serial: ftdi_sio: clean up receive processing (git-fixes).\n\n - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).\n\n - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).\n\n - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes).\n\n - USB: serial: option: support dynamic Quectel USB compositions (git-fixes).\n\n - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes).\n\n - usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).\n\n - usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).\n\n - usb: typec: ucsi: Prevent mode overrun (git-fixes).\n\n - usb: uas: Add quirk for PNY Pro Elite (git-fixes).\n\n - USB: UAS: fix disconnect by unplugging a hub (git-fixes).\n\n - USB: yurex: Fix bad gfp argument (git-fixes).\n\n - vfio-pci: Avoid recursive read-lock usage (bsc#1176366).\n\n - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)).\n\n - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).\n\n - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29).\n\n - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes).\n\n - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08).\n\n - wireguard: noise: take lock when removing handshake entry from table (git-fixes).\n\n - wireguard: peerlookup: take lock before checking hash in replace operation 
(git-fixes).\n\n - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763).\n\n - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes).\n\n - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489).\n\n - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925).\n\n - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925).\n\n - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925).\n\n - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115).\n\n - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).\n\n - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600).\n\n - xen/balloon: make the balloon wait interruptible (bsc#1065600).\n\n - xen: do not reschedule in preemption off sections (bsc#1175749).\n\n - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600).\n\n - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes).\n\n - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).", "cvss3": {}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-2521", "CVE-2020-25284", "CVE-2020-26088"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", 
"p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/141161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1586.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141161);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-0404\", 
\"CVE-2020-0427\", \"CVE-2020-0431\", \"CVE-2020-0432\", \"CVE-2020-14385\", \"CVE-2020-14390\", \"CVE-2020-2521\", \"CVE-2020-25284\", \"CVE-2020-26088\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1586)\");\n script_summary(english:\"Check for the openSUSE-2020-1586 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-0404: In uvc_scan_chain_forward of\n uvc_driver.c, there is a possible linked list corruption\n due to an unusual root cause. This could lead to local\n escalation of privilege in the kernel with no additional\n execution privileges needed. User interaction is not\n needed for exploitation (bnc#1176423).\n\n - CVE-2020-0427: In create_pinctrl of core.c, there is a\n possible out of bounds read due to a use after free.\n This could lead to local information disclosure with no\n additional execution privileges needed. User interaction\n is not needed for exploitation (bnc#1176725).\n\n - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a\n possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege\n with no additional execution privileges needed. User\n interaction is not needed for exploitation\n (bnc#1176722).\n\n - CVE-2020-0432: In skb_to_mamac of networking.c, there is\n a possible out of bounds write due to an integer\n overflow. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. 
User interaction is not needed for exploitation\n (bnc#1176721).\n\n - CVE-2020-14385: Fixed a boundary test in\n xfs_attr_shortform_verify which could lead to crashes\n (bsc#1176137).\n\n - CVE-2020-14390: When changing screen size, an\n out-of-bounds memory write can occur leading to memory\n corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out\n (bnc#1176235).\n\n - CVE-2020-2521: Fixed a getxattr kernel panic and memory\n overflow in NFS4(bsc#1176381).\n\n - CVE-2020-25284: Require global CAP_SYS_ADMIN for mapping\n and unmapping rbd devices (bsc#1176543).\n\n - CVE-2020-26088: A missing CAP_NET_RAW check in NFC\n socket creation in net/nfc/rawsock.c could be used by\n local attackers to create raw sockets, bypassing\n security mechanisms, aka CID-26896f01467a (bnc#1176990).\n\nThe following non-security bugs were fixed :\n\n - ALSA: asihpi: fix iounmap in error handler (git-fixes).\n\n - ALSA: ca0106: fix error code handling (git-fixes).\n\n - ALSA: firewire-digi00x: exclude Avid Adrenaline from\n detection (git-fixes).\n\n - ALSA; firewire-tascam: exclude Tascam FE-8 from\n detection (git-fixes).\n\n - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).\n\n - ALSA: hda: fix a runtime pm issue in SOF when integrated\n GPU is disabled (git-fixes).\n\n - ALSA: hda - Fix silent audio output and corrupted input\n on MSI X570-A PRO (git-fixes).\n\n - ALSA: hda: fixup headset for ASUS GX502 laptop\n (git-fixes).\n\n - ALSA: hda: hdmi - add Rocketlake support (git-fixes).\n\n - ALSA: hda/hdmi: always check pin power status in i915\n pin fixup (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion\n NT950XCJ-X716A (git-fixes).\n\n - ALSA: hda/realtek - Couldn't detect Mic if booting with\n headset plugged (git-fixes).\n\n - ALSA: hda/realtek: Enable front panel headset LED on\n Lenovo ThinkStation P520 (git-fixes).\n\n - ALSA: hda/realtek - Improved routing for Thinkpad X1\n 
7th/8th Gen (git-fixes).\n\n - ALSA: hda/realtek - The Mic on a RedmiBook does not work\n (git-fixes).\n\n - ALSA: hda/tegra: Program WAKEEN register for Tegra\n (git-fixes).\n\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw\n sanity check (git-fixes).\n\n - ALSA: usb-audio: Add basic capture support for Pioneer\n DJ DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for UR22C\n (git-fixes).\n\n - ALSA: usb-audio: Disable autosuspend for Lenovo\n ThinkStation P620 (git-fixes).\n\n - arm64: paravirt: Initialize steal time when cpu is\n online (bsc#1176833).\n\n - ASoC: img: Fix a reference count leak in\n img_i2s_in_set_fmt (git-fixes).\n\n - ASoC: img-parallel-out: Fix a reference count leak\n (git-fixes).\n\n - ASoC: meson: axg-toddr: fix channel order on g12\n platforms (git-fixes).\n\n - ASoC: qcom: common: Fix refcount imbalance on error\n (git-fixes).\n\n - ASoC: qcom: Set card->owner to avoid warnings\n (git-fixes).\n\n - ASoC: SOF: Intel: add PCI ID for CometLake-S\n (git-fixes).\n\n - ASoC: tegra: Fix reference count leaks (git-fixes).\n\n - ata: ahci: use ata_link_info() instead of\n ata_link_printk() (jsc#SLE-14459).\n\n - batman-adv: Add missing include for in_interrupt()\n (git-fixes).\n\n - batman-adv: Avoid uninitialized chaddr when handling\n DHCP (git-fixes).\n\n - batman-adv: bla: fix type misuse for backbone_gw hash\n indexing (git-fixes).\n\n - batman-adv: bla: use netif_rx_ni when not in interrupt\n context (git-fixes).\n\n - batman-adv: Fix own OGM check in aggregated OGMs\n (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets from BLA\n backbone to mesh (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets in BLA\n backbone from LAN (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets in BLA\n backbone from mesh (git-fixes).\n\n - batman-adv: mcast/TT: fix wrongly dropped or rerouted\n packets 
(git-fixes).\n\n - bcache: allocate meta data pages as compound pages\n (bsc#1172873).\n\n - bcache: Convert pr_<level> uses to a more typical style\n (git fixes (block drivers)).\n\n - bitfield.h: do not compile-time validate _val in\n FIELD_FIT (git fixes (bitfield)).\n\n - blktrace: fix debugfs use after free (git fixes (block\n drivers)).\n\n - block: add docs for gendisk / request_queue refcount\n helpers (git fixes (block drivers)).\n\n - block: check queue's limits.discard_granularity in\n __blkdev_issue_discard() (bsc#1152148).\n\n - block: improve discard bio alignment in\n __blkdev_issue_discard() (bsc#1152148).\n\n - block: revert back to synchronous request_queue removal\n (git fixes (block drivers)).\n\n - block: Use non _rcu version of list functions for\n tag_set_list (git-fixes).\n\n - bluetooth: btrtl: Add support for RTL8761B\n (bsc#1177021).\n\n - bnxt: do not enable NAPI until rings are ready\n (git-fixes).\n\n - bnxt_en: Check for zero dir entries in NVRAM\n (git-fixes).\n\n - bnxt_en: Do not query FW when netif_running() is false\n (git-fixes).\n\n - bnxt_en: Fix completion ring sizing with TPA enabled\n (networking-stable-20_07_29).\n\n - bnxt_en: fix HWRM error when querying VF temperature\n (git-fixes).\n\n - bnxt_en: Fix PCI AER error recovery flow (git-fixes).\n\n - bnxt_en: Fix possible crash in bnxt_fw_reset_task()\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix race when modifying pause settings\n (networking-stable-20_07_29).\n\n - bonding: check error value of register_netdevice()\n immediately (networking-stable-20_07_29).\n\n - bonding: check return value of register_netdevice() in\n bond_newlink() (networking-stable-20_07_29).\n\n - bonding: fix a potential double-unregister (git-fixes).\n\n - bpf: Fix a rcu warning for bpffs map pretty-print\n (bsc#1155518).\n\n - bpf: map_seq_next should always increase position index\n (bsc#1155518).\n\n - btrfs: add a leak check for roots (bsc#1176019).\n\n - btrfs: add __cold attribute to 
more functions\n (bsc#1176019).\n\n - btrfs: add dedicated members for start and length of a\n block group (bsc#1176019).\n\n - btrfs: Add read_backup_root (bsc#1176019).\n\n - btrfs: block-group: Refactor btrfs_read_block_groups()\n (bsc#1176019).\n\n - btrfs: block-group: Reuse the item key from caller of\n read_one_block_group() (bsc#1176019).\n\n - btrfs: Cleanup and simplify find_newest_super_backup\n (bsc#1176019).\n\n - btrfs: clear DEAD_RELOC_TREE before dropping the reloc\n root (bsc#1176019).\n\n - btrfs: do not init a reloc root if we are not relocating\n (bsc#1176019).\n\n - btrfs: Do not use objectid_mutex during mount\n (bsc#1176019).\n\n - btrfs: drop block from cache on error in relocation\n (bsc#1176019).\n\n - btrfs: drop create parameter to btrfs_get_extent()\n (bsc#1176019).\n\n - btrfs: drop unused parameter is_new from btrfs_iget\n (bsc#1176019).\n\n - btrfs: export and rename free_fs_info (bsc#1176019).\n\n - btrfs: export and use btrfs_read_tree_root for tree-log\n (bsc#1176019).\n\n - btrfs: Factor out tree roots initialization during mount\n (bsc#1176019).\n\n - btrfs: fix setting last_trans for reloc roots\n (bsc#1176019).\n\n - btrfs: free more things in btrfs_free_fs_info\n (bsc#1176019).\n\n - btrfs: free the reloc_control in a consistent way\n (bsc#1176019).\n\n - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root\n (bsc#1176019).\n\n - btrfs: hold a ref for the root in\n btrfs_find_orphan_roots (bsc#1176019).\n\n - btrfs: hold a ref on fs roots while they're in the radix\n tree (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n btrfs_check_uuid_tree_entry (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n btrfs_ioctl_get_subvol_info (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_ioctl_send\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in btrfs_recover_log_trees\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n btrfs_recover_relocation (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n 
__btrfs_run_defrag_inode (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n btrfs_search_path_in_tree (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n btrfs_search_path_in_tree_user (bsc#1176019).\n\n - btrfs: hold a ref on the root in build_backref_tree\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in create_pending_snapshot\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in create_reloc_inode\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in create_subvol\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in find_data_references\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n fixup_tree_root_location (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n get_subvol_name_from_objectid (bsc#1176019).\n\n - btrfs: hold a ref on the root in merge_reloc_roots\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in open_ctree\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in prepare_to_merge\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n record_reloc_root_in_trans (bsc#1176019).\n\n - btrfs: hold a ref on the root in resolve_indirect_ref\n (bsc#1176019).\n\n - btrfs: hold a ref on the root in\n scrub_print_warning_inode (bsc#1176019).\n\n - btrfs: hold a ref on the root in search_ioctl\n (bsc#1176019).\n\n - btrfs: hold a ref on the root->reloc_root (bsc#1176019).\n\n - btrfs: hold a root ref in btrfs_get_dentry\n (bsc#1176019).\n\n - btrfs: hold ref on root in btrfs_ioctl_default_subvol\n (bsc#1176019).\n\n - btrfs: implement full reflink support for inline extents\n (bsc#1176019).\n\n - btrfs: make btrfs_find_orphan_roots use\n btrfs_get_fs_root (bsc#1176019).\n\n - btrfs: make relocation use btrfs_read_tree_root()\n (bsc#1176019).\n\n - btrfs: make the fs root init functions static\n (bsc#1176019).\n\n - btrfs: make the init of static elements in fs_info\n separate (bsc#1176019).\n\n - btrfs: move all reflink implementation code into its own\n file (bsc#1176019).\n\n - btrfs: move block_group_item::flags to 
block group\n (bsc#1176019).\n\n - btrfs: move block_group_item::used to block group\n (bsc#1176019).\n\n - btrfs: move fs_info init work into it's own helper\n function (bsc#1176019).\n\n - btrfs: move fs root init stuff into btrfs_init_fs_root\n (bsc#1176019).\n\n - btrfs: open code btrfs_read_fs_root_no_name\n (bsc#1176019).\n\n - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root\n (bsc#1176019).\n\n - btrfs: push grab_fs_root into read_fs_root\n (bsc#1176019).\n\n - btrfs: push __setup_root into btrfs_alloc_root\n (bsc#1176019).\n\n - btrfs: reloc: clean dirty subvols if we fail to start a\n transaction (bsc#1176019).\n\n - btrfs: remove a BUG_ON() from merge_reloc_roots()\n (bsc#1176019).\n\n - btrfs: Remove block_rsv parameter from\n btrfs_drop_snapshot (bsc#1176019).\n\n - btrfs: remove btrfs_read_fs_root, not used anymore\n (bsc#1176019).\n\n - btrfs: remove embedded block_group_cache::item\n (bsc#1176019).\n\n - btrfs: Remove newest_gen argument from\n find_oldest_super_backup (bsc#1176019).\n\n - btrfs: Remove unused next_root_backup function\n (bsc#1176019).\n\n - btrfs: rename block_group_item on-stack accessors to\n follow naming (bsc#1176019).\n\n - btrfs: rename btrfs_block_group_cache (bsc#1176019).\n\n - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root\n (bsc#1176019).\n\n - btrfs: rename extent buffer block group item accessors\n (bsc#1176019).\n\n - btrfs: Rename find_oldest_super_backup to\n init_backup_root_slot (bsc#1176019).\n\n - btrfs: require only sector size alignment for parent eb\n bytenr (bsc#1176789).\n\n - btrfs: reset tree root pointer after error in\n init_tree_roots (bsc#1176019).\n\n - btrfs: simplify inline extent handling when doing\n reflinks (bsc#1176019).\n\n - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree\n (bsc#1176019).\n\n - btrfs: Streamline btrfs_fs_info::backup_root_index\n semantics (bsc#1176019).\n\n - btrfs: tree-checker: fix the error message for transid\n error (bsc#1176788).\n\n - btrfs: unset 
reloc control if we fail to recover\n (bsc#1176019).\n\n - btrfs: use bool argument in free_root_pointers()\n (bsc#1176019).\n\n - btrfs: use btrfs_block_group_cache_done in\n update_block_group (bsc#1176019).\n\n - btrfs: use btrfs_put_fs_root to free roots always\n (bsc#1176019).\n\n - ceph: do not allow setlease on cephfs (bsc#1176537).\n\n - ceph: fix potential mdsc use-after-free crash\n (bsc#1176538).\n\n - ceph: fix use-after-free for fsc->mdsc (bsc#1176539).\n\n - ceph: handle zero-length feature mask in session\n messages (bsc#1176540).\n\n - ceph: set sec_context xattr on symlink creation\n (bsc#1176541).\n\n - ceph: use frag's MDS in either mode (bsc#1176542).\n\n - cfg80211: regulatory: reject invalid hints\n (bsc#1176699).\n\n - char: virtio: Select VIRTIO from VIRTIO_CONSOLE\n (bsc#1175667).\n\n - cifs: Fix leak when handling lease break for cached root\n fid (bsc#1176242).\n\n - cifs/smb3: Fix data inconsistent when punch hole\n (bsc#1176544).\n\n - cifs/smb3: Fix data inconsistent when zero file range\n (bsc#1176536).\n\n - clk: davinci: Use the correct size when allocating\n memory (git-fixes).\n\n - clk: rockchip: Fix initialization of mux_pll_src_4plls_p\n (git-fixes).\n\n - cxgb4: fix thermal zone device registration (git-fixes).\n\n - dax: do not print error message for non-persistent\n memory block device (bsc#1171073).\n\n - dax: print error message by pr_info() in\n __generic_fsdax_supported() (bsc#1171073).\n\n - debugfs: Fix module state check condition (bsc#1173746).\n\n - debugfs: Fix module state check condition (git-fixes).\n\n - dev: Defer free of skbs in flush_backlog\n (networking-stable-20_07_29).\n\n - device property: Fix the secondary firmware node\n handling in set_primary_fwnode() (git-fixes).\n\n - dmaengine: acpi: Put the CSRT table after using it\n (git-fixes).\n\n - dmaengine: at_hdmac: check return value of\n of_find_device_by_node() in at_dma_xlate() (git-fixes).\n\n - dmaengine: dw-edma: Fix scatter-gather address\n 
calculation (git-fixes).\n\n - dmaengine: of-dma: Fix of_dma_router_xlate's\n of_dma_xlate handling (git-fixes).\n\n - dmaengine: pl330: Fix burst length if burst size is\n smaller than bus width (git-fixes).\n\n - dm: do not call report zones for more than the user\n requested (git fixes (block drivers)).\n\n - dm integrity: fix integrity recalculation that is\n improperly skipped (git fixes (block drivers)).\n\n - dm rq: do not call blk_mq_queue_stopped() in\n dm_stop_queue() (git fixes (block drivers)).\n\n - dm writecache: add cond_resched to loop in\n persistent_memory_claim() (git fixes (block drivers)).\n\n - dm writecache: correct uncommitted_block when discarding\n uncommitted entry (git fixes (block drivers)).\n\n - dm zoned: assign max_io_len correctly (git fixes (block\n drivers)).\n\n - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning\n (networking-stable-20_08_08).\n\n - dpaa_eth: Fix one possible memleak in dpaa_eth_probe\n (bsc#1175996).\n\n - driver-core: Introduce DEVICE_ATTR_ADMIN_(RO,RW)\n (bsc#1176486 ltc#188130).\n\n - drivers: hv: Specify receive buffer size using Hyper-V\n page size (bsc#1176877).\n\n - drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload\n (git-fixes).\n\n - drivers: hv: vmbus: hibernation: do not hang forever in\n vmbus_bus_resume() (git-fixes).\n\n - drivers/net/wan/x25_asy: Fix to make it work\n (networking-stable-20_07_29).\n\n - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl\n (git-fixes).\n\n - drm/amd/display: Switch to immediate mode for updating\n infopackets (git-fixes).\n\n - drm/amdgpu/display: fix ref count leak when\n pm_runtime_get_sync fails (git-fixes).\n\n - drm/amdgpu: Fix buffer overflow in INFO ioctl\n (git-fixes).\n\n - drm/amdgpu: fix ref count leak in\n amdgpu_display_crtc_set_config (git-fixes).\n\n - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms\n (git-fixes).\n\n - drm/amdgpu/gfx10: refine mgcg setting (git-fixes).\n\n - drm/amdkfd: Fix reference count leaks 
(git-fixes).\n\n - drm/amd/pm: correct the thermal alert temperature limit\n settings (git-fixes).\n\n - drm/amd/pm: correct Vega10 swctf limit setting\n (git-fixes).\n\n - drm/amd/pm: correct Vega12 swctf limit setting\n (git-fixes).\n\n - drm/amd/pm: correct Vega20 swctf limit setting\n (git-fixes).\n\n - drm/amd/powerplay: correct UVD/VCE PG state on custom\n pptable uploading (git-fixes).\n\n - drm/amd/powerplay: correct Vega20 cached smu feature\n state (git-fixes).\n\n - drm/amd/powerplay: Fix hardmins not being sent to SMU\n for RV (git-fixes).\n\n - drm/ast: Initialize DRAM type before posting GPU\n (bsc#1152472)\n\n - drm/mgag200: Remove declaration of mgag200_mmap() from\n header file (bsc#1152472)\n\n - drm/msm/a6xx: fix crashdec section name typo\n (git-fixes).\n\n - drm/msm/adreno: fix updating ring fence (git-fixes).\n\n - drm/msm/gpu: make ringbuffer readonly (git-fixes).\n\n - drm/nouveau/drm/noveau: fix reference count leak in\n nouveau_fbcon_open (git-fixes).\n\n - drm/nouveau: Fix reference count leak in\n nouveau_connector_detect (git-fixes).\n\n - drm/nouveau: fix reference count leak in\n nv50_disp_atomic_commit (git-fixes).\n\n - drm/radeon: fix multiple reference count leak\n (git-fixes).\n\n - drm/radeon: Prefer lower feedback dividers (git-fixes).\n\n - drm/sched: Fix passing zero to 'PTR_ERR' warning v2\n (git-fixes).\n\n - drm/sun4i: add missing put_device() call in\n (bsc#1152472)\n\n - drm/sun4i: backend: Disable alpha on the lowest plane on\n the A20 (bsc#1152472)\n\n - drm/sun4i: backend: Support alpha property on lowest\n plane (bsc#1152472)\n\n - drm/sun4i: Fix dsi dcs long write function (bsc#1152472)\n\n - drm/virtio: fix missing dma_fence_put() in (bsc#1152489)\n\n - drm/xen-front: Fix misused IS_ERR_OR_NULL checks\n (bsc#1065600).\n\n - EDAC/amd64: Add AMD family 17h model 60h PCI IDs\n (bsc#1152489).\n\n - EDAC/amd64: Read back the scrub rate PCI register on\n F15h (bsc#1152489).\n\n - EDAC: Fix reference count leaks 
(bsc#1152489).\n\n - efi: Add support for EFI_RT_PROPERTIES table\n (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: avoid error message when booting under Xen\n (bsc#1172419).\n\n - efi/efivars: Expose RT service availability via efivars\n abstraction (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: libstub/tpm: enable tpm eventlog function for ARM\n platforms (bsc#1173267).\n\n - efi: Mark all EFI runtime services as unsupported on\n non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Register EFI rtc platform device only when\n available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Store mask of supported runtime services in struct\n efi (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Use EFI ResetSystem only when available\n (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - efi: Use more granular check for availability for\n variable services (bsc#1174029, bsc#1174110,\n bsc#1174111).\n\n - enetc: Remove the mdio bus on PF probe bailout\n (networking-stable-20_07_29).\n\n - epoll: atomically remove wait entry on wake up\n (bsc#1176236).\n\n - epoll: call final ep_events_available() check under the\n lock (bsc#1176237).\n\n - ext4: handle read only external journal device\n (bsc#1176063).\n\n - fbcon: prevent user font height or width change from\n causing potential out-of-bounds access (git-fixes).\n\n - fbmem: pull fbcon_update_vcs() out of fb_set_var()\n (git-fixes).\n\n - felix: Fix initialization of ioremap resources\n (bsc#1175997).\n\n - Fix build error when CONFIG_ACPI is not set/enabled:\n (bsc#1065600).\n\n - ftrace: Setup correct FTRACE_FL_REGS flags for module\n (git-fixes).\n\n - HID: core: Add printk_once variants to hid_warn() etc\n (bsc#1176775).\n\n - HID: core: Correctly handle ReportSize being zero\n (git-fixes).\n\n - HID: core: fix dmesg flooding if report field larger\n than 32bit (bsc#1176775).\n\n - HID: core: reformat and reduce hid_printk macros\n (bsc#1176775).\n\n - HID: core: Sanitize event code and type 
when mapping\n input (git-fixes).\n\n - HID: elan: Fix memleak in elan_input_configured\n (git-fixes).\n\n - HID: hiddev: Fix slab-out-of-bounds write in\n hiddev_ioctl_usage() (git-fixes).\n\n - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON\n commands (git-fixes).\n\n - HID: microsoft: Add rumble support for the 8bitdo SN30\n Pro+ controller (git-fixes).\n\n - HID: quirks: add NOGET quirk for Logitech GROUP\n (git-fixes).\n\n - HID: quirks: Always poll three more Lenovo PixArt mice\n (git-fixes).\n\n - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all\n Saitek X52 devices (git-fixes).\n\n - hsr: use netdev_err() instead of WARN_ONCE()\n (bsc#1176659).\n\n - hv_netvsc: do not use VF device if link is down\n (git-fixes).\n\n - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()\n (git-fixes).\n\n - hv_netvsc: Remove 'unlikely' from netvsc_select_queue\n (git-fixes).\n\n - hv_utils: drain the timesync packets on\n onchannelcallback (bsc#1176877).\n\n - hv_utils: return error if host timesysnc update is stale\n (bsc#1176877).\n\n - i2c: algo: pca: Reapply i2c bus settings after reset\n (git-fixes).\n\n - i2c: core: Do not fail PRP0001 enumeration when no ID\n table exist (git-fixes).\n\n - i2c: i801: Fix resume bug (git-fixes).\n\n - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of\n DMA_CTRL_ACK (git-fixes).\n\n - i2c: rcar: in slave mode, clear NACK earlier\n (git-fixes).\n\n - i40e: Fix crash during removing i40e driver (git-fixes).\n\n - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN\n (git-fixes).\n\n - ibmvnic: add missing parenthesis in do_reset()\n (bsc#1176700 ltc#188140).\n\n - iio:accel:bmc150-accel: Fix timestamp alignment and\n prevent data leak (git-fixes).\n\n - iio: accel: kxsd9: Fix alignment of local buffer\n (git-fixes).\n\n - iio:accel:mma7455: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:accel:mma8452: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:adc:ina2xx Fix timestamp 
alignment issue\n (git-fixes).\n\n - iio:adc:max1118 Fix alignment of timestamp and data leak\n issues (git-fixes).\n\n - iio: adc: mcp3422: fix locking on error path\n (git-fixes).\n\n - iio: adc: mcp3422: fix locking scope (git-fixes).\n\n - iio:adc:ti-adc081c Fix alignment and data leak issues\n (git-fixes).\n\n - iio:adc:ti-adc084s021 Fix alignment and data leak issues\n (git-fixes).\n\n - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is\n not set (git-fixes).\n\n - iio:chemical:ccs811: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in\n ad5592r_read_raw() (git-fixes).\n\n - iio:light:ltr501 Fix timestamp alignment issue\n (git-fixes).\n\n - iio:light:max44000 Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magnetometer:ak8975 Fix alignment and data leak\n issues (git-fixes).\n\n - iio:proximity:mb1232: Fix timestamp alignment and\n prevent data leak (git-fixes).\n\n - include/asm-generic/vmlinux.lds.h: align ro_after_init\n (git-fixes).\n\n - include/linux/bitops.h: avoid clang shift-count-overflow\n warnings (git-fixes).\n\n - include/linux/poison.h: remove obsolete comment\n (git-fixes).\n\n - infiniband: hfi1: Use EFI GetVariable only when\n available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - initramfs: remove clean_rootfs (git-fixes).\n\n - initramfs: remove the populate_initrd_image and\n clean_rootfs stubs (git-fixes).\n\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and\n reset lists (git-fixes).\n\n - Input: trackpoint - add new trackpoint variant IDs\n (git-fixes).\n\n - integrity: Check properly whether EFI GetVariable() is\n available (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - iommu/amd: Do not force direct mapping when SME is\n active (bsc#1174358).\n\n - iommu/amd: Do not use IOMMUv2 functionality when SME is\n active (bsc#1174358).\n\n - iommu/amd: Print extended features in one line to fix\n divergent log levels (bsc#1176357).\n\n 
- iommu/amd: Restore IRTE.RemapEn bit after programming\n IRTE (bsc#1176358).\n\n - iommu/amd: Use cmpxchg_double() when updating 128-bit\n IRTE (bsc#1176359).\n\n - iommu/omap: Check for failure of a call to\n omap_iommu_dump_ctx (bsc#1176360).\n\n - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361).\n\n - iommu/vt-d: Handle 36bit addressing for x86-32\n (bsc#1176362).\n\n - iommu/vt-d: Handle non-page aligned address\n (bsc#1176367).\n\n - iommu/vt-d: Remove global page support in devTLB flush\n (bsc#1176363).\n\n - iommu/vt-d: Serialize IOMMU GCMD register modifications\n (bsc#1176364).\n\n - iommu/vt-d: Support flushing more translation cache\n types (bsc#1176365).\n\n - ipv4: Silence suspicious RCU usage warning\n (networking-stable-20_08_08).\n\n - ipv6: fix memory leaks on IPV6_ADDRFORM path\n (networking-stable-20_08_08).\n\n - ipv6: Fix nexthop refcnt leak when creating ipv6 route\n info (networking-stable-20_08_08).\n\n - irqdomain/treewide: Free firmware node after domain\n removal (git-fixes).\n\n - irqdomain/treewide: Keep firmware node unconditionally\n allocated (git-fixes).\n\n - kABI: Fix kABI after EFI_RT_PROPERTIES table backport\n (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - kABI: net: dsa: microchip: call phy_remove_link_mode\n during probe (kabi).\n\n - kabi/severities: ignore kABI for net/ethernet/mscc/\n References: bsc#1176001,bsc#1175999 Exported symbols\n from drivers/net/ethernet/mscc/ are only used by\n drivers/net/dsa/ocelot/\n\n - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes\n (kernel/pm)).\n\n - kernel-syms.spec.in: Also use bz compression\n (boo#1175882).\n\n - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to\n Sandisks (jsc#SLE-14459).\n\n - libbpf: Fix readelf output parsing for Fedora\n (bsc#1155518).\n\n - libbpf: Fix readelf output parsing on powerpc with\n recent binutils (bsc#1155518).\n\n - libnvdimm: cover up nvdimm_security_ops changes\n (bsc#1171742).\n\n - libnvdimm: cover up struct nvdimm 
changes (bsc#1171742).\n\n - libnvdimm/security: fix a typo (bsc#1171742\n bsc#1167527).\n\n - libnvdimm/security: Introduce a 'frozen' attribute\n (bsc#1171742).\n\n - livepatch: Add -fdump-ipa-clones to build (). Add\n support for -fdump-ipa-clones GCC option. Update config\n files accordingly.\n\n - md: raid0/linear: fix dereference before null check on\n pointer mddev (git fixes (block drivers)).\n\n - media: cedrus: Add missing v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - media: davinci: vpif_capture: fix potential double free\n (git-fixes).\n\n - media: gpio-ir-tx: improve precision of transmitted\n signal due to scheduling (git-fixes).\n\n - media: pci: ttpci: av7110: fix possible buffer overflow\n caused by bad DMA value in debiirq() (git-fixes).\n\n - mei: fix CNL itouch device number to match the spec\n (bsc#1175952).\n\n - mei: me: disable mei interface on LBG servers\n (bsc#1175952).\n\n - mei: me: disable mei interface on Mehlow server\n platforms (bsc#1175952).\n\n - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs\n (git-fixes).\n\n - mlx4: disable device on shutdown (git-fixes).\n\n - mlxsw: destroy workqueue when trap_register in\n mlxsw_emad_init (networking-stable-20_07_29).\n\n - mmc: dt-bindings: Add resets/reset-names for Mediatek\n MMC bindings (git-fixes).\n\n - mmc: mediatek: add optional module reset property\n (git-fixes).\n\n - mmc: sdhci-acpi: Clear amd_sdhci_host on reset\n (git-fixes).\n\n - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040\n (git-fixes).\n\n - mmc: sdhci-msm: Add retries when all tuning phases are\n found valid (git-fixes).\n\n - mmc: sdhci-of-esdhc: Do not walk device-tree on every\n interrupt (git-fixes).\n\n - mmc: sdio: Use mmc_pre_req() / mmc_post_req()\n (git-fixes).\n\n - mm: limit boost_watermark on small zones (git fixes\n (mm/pgalloc)).\n\n - mm, page_alloc: fix core hung in free_pcppages_bulk()\n (git fixes (mm/pgalloc)).\n\n - mm/page_alloc: silence a KASAN false positive (git fixes\n (mm/pgalloc)).\n\n 
- mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()\n (git fixes (mm/compaction)).\n\n - mm/shuffle: do not move pages between zones and do not\n read garbage memmaps (git fixes (mm/pgalloc)).\n\n - mm/sparse: rename pfn_present() to\n pfn_in_present_section() (git fixes (mm/pgalloc)).\n\n - mm, thp: fix defrag setting if newline is not used (git\n fixes (mm/thp)).\n\n - move to sorted section:\n patches.suse/x86-asm-64-Align-start-of-__clear_user-loop\n -to-16-by.patch\n\n - net: dp83640: fix SIOCSHWTSTAMP to update the struct\n with actual configuration (networking-stable-20_07_29).\n\n - net: dsa: felix: send VLANs on CPU port as egress-tagged\n (bsc#1175998).\n\n - net: dsa: microchip: call phy_remove_link_mode during\n probe (networking-stable-20_07_29).\n\n - net: dsa: ocelot: the MAC table on Felix is twice as\n large (bsc#1175999).\n\n - net: enetc: fix an issue about leak system resources\n (bsc#1176000).\n\n - net: ethernet: mlx4: Fix memory allocation in\n mlx4_buddy_init() (git-fixes).\n\n - net: ethernet: mtk_eth_soc: fix MTU warnings\n (networking-stable-20_08_08).\n\n - netfilter: ipset: Fix forceadd evaluation path\n (bsc#1176587).\n\n - net: Fix potential memory leak in proto_register()\n (networking-stable-20_08_15).\n\n - net: gre: recompute gre csum for sctp over gre tunnels\n (networking-stable-20_08_08).\n\n - net: initialize fastreuse on inet_inherit_port\n (networking-stable-20_08_15).\n\n - net: mscc: ocelot: fix untagged packet drops when\n enslaving to vlan aware bridge (bsc#1176001).\n\n - net/nfc/rawsock.c: add CAP_NET_RAW check\n (networking-stable-20_08_15).\n\n - net: refactor bind_bucket fastreuse into helper\n (networking-stable-20_08_15).\n\n - net: sched: initialize with 0 before setting erspan\n md->u (bsc#1154353).\n\n - net: Set fput_needed iff FDPUT_FPUT is set\n (networking-stable-20_08_15).\n\n - net/smc: put slot when connection is killed (git-fixes).\n\n - net-sysfs: add a newline when printing 'tx_timeout' by\n sysfs 
(networking-stable-20_07_29).\n\n - net: thunderx: use spin_lock_bh in\n nicvf_set_rx_mode_task() (networking-stable-20_08_08).\n\n - net/tls: Fix kmap usage (networking-stable-20_08_15).\n\n - net: udp: Fix wrong clean up for IS_UDPLITE macro\n (networking-stable-20_07_29).\n\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd\n (git-fixes).\n\n - nvme-fc: set max_segments to lldd max value\n (bsc#1176038).\n\n - nvme-pci: override the value of the controller's numa\n node (bsc#1176507).\n\n - obsolete_kmp: provide newer version than the obsoleted\n one (boo#1170232).\n\n - omapfb: fix multiple reference count leaks due to\n pm_runtime_get_sync (git-fixes).\n\n - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()\n (networking-stable-20_08_08).\n\n - PCI: Add device even if driver attach failed\n (git-fixes).\n\n - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect\n (git-fixes).\n\n - PCI: Fix pci_create_slot() reference count leak\n (git-fixes).\n\n - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken\n (git-fixes).\n\n - platform/x86: dcdbas: Check SMBIOS for protected buffer\n address (jsc#SLE-14407).\n\n - PM: sleep: core: Fix the handling of pending runtime\n resume requests (git-fixes).\n\n - powerpc/64: mark emergency stacks valid to unwind\n (bsc#1156395).\n\n - powerpc/64s: machine check do not trace real-mode\n handler (bsc#1094244 ltc#168122).\n\n - powerpc/64s: machine check interrupt update NMI\n accounting (bsc#1094244 ltc#168122).\n\n - powerpc: Add cputime_to_nsecs() (bsc#1065729).\n\n - powerpc/book3s64/radix: Add kernel command line option\n to disable radix GTSE (bsc#1055186 ltc#153436\n jsc#SLE-13512).\n\n - powerpc/book3s64/radix: Fix boot failure with large\n amount of guest memory (bsc#1176022 ltc#187208).\n\n - powerpc: Do not flush caches when adding memory\n (bsc#1176980 ltc#187962).\n\n - powerpc: Implement ftrace_enabled() helpers (bsc#1094244\n ltc#168122).\n\n - powerpc/kernel: Cleanup machine check function\n declarations 
(bsc#1065729).\n\n - powerpc/kernel: Enables memory hot-remove after reboot\n on pseries guests (bsc#1177030 ltc#187588).\n\n - powerpc/mm: Enable radix GTSE only if supported\n (bsc#1055186 ltc#153436 jsc#SLE-13512).\n\n - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash\n guests only (bsc#1177030 ltc#187588).\n\n - powerpc/mm/radix: Create separate mappings for\n hot-plugged memory (bsc#1055186 ltc#153436).\n\n - powerpc/mm/radix: Fix PTE/PMD fragment count for early\n page table mappings (bsc#1055186 ltc#153436).\n\n - powerpc/mm/radix: Free PUD table when freeing pagetable\n (bsc#1055186 ltc#153436).\n\n - powerpc/mm/radix: Remove split_kernel_mapping()\n (bsc#1055186 ltc#153436).\n\n - powerpc/numa: Early request for home node associativity\n (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Offline memoryless cpuless node 0\n (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Prefer node id queried from vphn\n (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Set numa_node for all possible cpus\n (bsc#1171068 ltc#183935).\n\n - powerpc/numa: Use cpu node map of first sibling thread\n (bsc#1171068 ltc#183935).\n\n - powerpc/papr_scm: Limit the readability of 'perf_stats'\n sysfs attribute (bsc#1176486 ltc#188130).\n\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB\n (bsc#1156395).\n\n - powerpc/prom: Enable Radix GTSE in cpu pa-features\n (bsc#1055186 ltc#153436 jsc#SLE-13512).\n\n - powerpc/pseries: Limit machine check stack to 4GB\n (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: Machine check use rtas_call_unlocked()\n with args on stack (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: Avoid calling rtas_token() in NMI\n paths (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: Fix FWNMI_VALID off by one\n (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi avoid modifying r3 in error\n case (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi sreset should not interlock\n (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Do not trace 
system reset (bsc#1094244\n ltc#168122).\n\n - powerpc/traps: Make unrecoverable NMIs die instead of\n panic (bsc#1094244 ltc#168122).\n\n - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction\n for 64bit Book3S (bsc#1065729).\n\n - qrtr: orphan socket in qrtr_release()\n (networking-stable-20_07_29).\n\n - RDMA/bnxt_re: Do not report transparent vlan from QP1\n (bsc#1173017).\n\n - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017).\n\n - RDMA/bnxt_re: Remove set but not used variable\n 'qplib_ctx' (bsc#1170774).\n\n - RDMA/bnxt_re: Remove the qp from list only if the qp\n destroy succeeds (bsc#1170774).\n\n - RDMA/bnxt_re: Restrict the max_gids to 256\n (bsc#1173017).\n\n - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774).\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded\n value (git-fixes).\n\n - RDMA/siw: Suppress uninitialized var warning\n (jsc#SLE-8381).\n\n - regulator: core: Fix slab-out-of-bounds in\n regulator_unlock_recursive() (git-fixes).\n\n - regulator: fix memory leak on error path of\n regulator_register() (git-fixes).\n\n - regulator: plug of_node leak in regulator_register()'s\n error path (git-fixes).\n\n - regulator: push allocation in\n regulator_ena_gpio_request() out of lock (git-fixes).\n\n - regulator: push allocation in regulator_init_coupling()\n outside of lock (git-fixes).\n\n - regulator: push allocation in\n set_consumer_device_supply() out of lock (git-fixes).\n\n - regulator: push allocations in create_regulator()\n outside of lock (git-fixes).\n\n - regulator: pwm: Fix machine constraints application\n (git-fixes).\n\n - regulator: remove superfluous lock in\n regulator_resolve_coupling() (git-fixes).\n\n - Remove patch causing regression (bsc#1094244\n ltc#168122).\n\n - Revert 'ALSA: hda: Add support for Loongson 7A1000\n controller' (git-fixes).\n\n - Revert 'ALSA: hda - Fix silent audio output and\n corrupted input on MSI X570-A PRO' (git-fixes).\n\n - Revert 'ALSA: usb-audio: Disable Lenovo P620 
Rear\n line-in volume control' (git-fixes).\n\n - Revert 'crypto: chelsio - Inline single pdu only'\n (git-fixes).\n\n - Revert 'xen/balloon: Fix crash when ballooning on x86 32\n bit PAE' (bsc#1065600).\n\n - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel\n modules (bsc#1176869 ltc#188243).\n\n - rpm/constraints.in: recognize also kernel-source-azure\n (bsc#1176732)\n\n - rpm/kernel-binary.spec.in: Also sign ppc64 kernels\n (jsc#SLE-15857 jsc#SLE-13618).\n\n - rpm/kernel-source.spec.in: Also use bz compression\n (boo#1175882).\n\n - rpm/macros.kernel-source: pass -c proerly in kernel\n module package (bsc#1176698) The '-c' option wasn't\n passed down to %_kernel_module_package so the ueficert\n subpackage wasn't generated even if the certificate is\n specified in the spec file.\n\n - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).\n\n - rxrpc: Fix race between recvmsg and sendmsg on immediate\n call failure (networking-stable-20_08_08).\n\n - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg()\n returning ENODATA (networking-stable-20_07_29).\n\n - s390: Change s390_kernel_write() return type to match\n memcpy() (bsc#1176449). 
Prerequisite for bsc#1176449.\n\n - s390/dasd: fix inability to use DASD with DIAG driver\n (git-fixes).\n\n - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig\n (git-fixes).\n\n - s390/maccess: add no DAT mode to kernel_write\n (bsc#1176449).\n\n - s390/mm: fix huge pte soft dirty copying (git-fixes).\n\n - s390/qeth: do not process empty bridge port events\n (git-fixes).\n\n - s390/qeth: integrate RX refill worker with NAPI\n (git-fixes).\n\n - s390/qeth: tolerate pre-filled RX buffer (git-fixes).\n\n - s390/setup: init jump labels before command line parsing\n (git-fixes).\n\n - sbitmap: Consider cleared bits in sbitmap_bitmap_show()\n (git fixes (block drivers)).\n\n - sched: Add a tracepoint to track rq->nr_running\n (bnc#1155798 (CPU scheduler functional and performance\n backports)).\n\n - sched: Better document ttwu() (bnc#1155798 (CPU\n scheduler functional and performance backports)).\n\n - sched/cputime: Improve cputime_adjust() (bnc#1155798\n (CPU scheduler functional and performance backports)).\n\n - sched/debug: Add new tracepoints to track util_est\n (bnc#1155798 (CPU scheduler functional and performance\n backports)).\n\n - sched/debug: Fix the alignment of the show-state debug\n output (bnc#1155798 (CPU scheduler functional and\n performance backports)).\n\n - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU\n scheduler functional and performance backports)).\n\n - sched/fair: Remove unused 'sd' parameter from\n scale_rt_capacity() (bnc#1155798 (CPU scheduler\n functional and performance backports)).\n\n - sched/fair: update_pick_idlest() Select group with\n lowest group_util when idle_cpus are equal (bnc#1155798\n (CPU scheduler functional and performance backports)).\n\n - sched: Fix use of count for nr_running tracepoint\n (bnc#1155798 (CPU scheduler functional and performance\n backports)).\n\n - sched: nohz: stop passing around unused 'ticks'\n parameter (bnc#1155798 (CPU scheduler functional and\n performance backports)).\n\n - 
sched/pelt: Remove redundant cap_scale() definition\n (bnc#1155798 (CPU scheduler functional and performance\n backports)).\n\n - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()\n (bsc#1174899).\n\n - scsi: ibmvfc: Avoid link down on FS9100 canister reboot\n (bsc#1176962 ltc#188304).\n\n - scsi: ibmvfc: Use compiler attribute defines instead of\n __attribute__() (bsc#1176962 ltc#188304).\n\n - scsi: iscsi: Use EFI GetVariable only when available\n (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - scsi: libfc: Fix for double free() (bsc#1174899).\n\n - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid\n cases (bsc#1174899).\n\n - scsi: lpfc: Add and rename a whole bunch of function\n parameter descriptions (bsc#1171558 bsc#1136666\n bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796\n jsc#SLE-15449).\n\n - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).\n\n - scsi: lpfc: Add description for lpfc_release_rpi()'s\n 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Add missing misc_deregister() for\n lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Avoid another null dereference in\n lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666\n bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796\n jsc#SLE-15449).\n\n - scsi: lpfc: Correct some pretty obvious misdocumentation\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Ensure variable has the same stipulations as\n code using it (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - 
scsi: lpfc: Fix kerneldoc parameter\n formatting/misnaming/missing issues (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out\n of range value (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix oops when unloading driver while running\n mds diags (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix retry of PRLI when status indicates its\n unsupported (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix RSCN timeout due to incorrect gidft\n counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix setting IRQ affinity with an empty CPU\n mask (git-fixes).\n\n - scsi: lpfc: Fix some function parameter descriptions\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix-up around 120 documentation issues\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix-up formatting/docrot where appropriate\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Fix validation of bsg reply lengths\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: NVMe remote port devloss_tmo from lldd\n (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n Replace\n 
patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-dr\n iver-devloss_tmo.patch with upstream version of the fix.\n\n - scsi: lpfc: nvmet: Avoid hang / use-after-free again\n when destroying targetport (bsc#1171558 bsc#1136666\n bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796\n jsc#SLE-15449).\n\n - scsi: lpfc: Provide description for lpfc_mem_alloc()'s\n 'align' param (bsc#1171558 bsc#1136666 bsc#1174486\n bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Quieten some printks (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Remove unused variable 'pg_addr'\n (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787\n bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: lpfc: Use __printf() format notation (bsc#1171558\n bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000\n jsc#SLE-15796 jsc#SLE-15449).\n\n - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).\n\n - scsi: qla2xxx: Fix the return value (bsc#1171688).\n\n - scsi: qla2xxx: Fix the size used in a\n 'dma_free_coherent()' call (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in\n qla_nvme_register_hba() (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in\n qlt_chk_unresolv_exchg() (bsc#1171688).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries\n (bsc#1171688).\n\n - scsi: qla2xxx: Log calling function name in\n qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Remove pci-dma-compat wrapper API\n (bsc#1171688).\n\n - scsi: qla2xxx: Remove redundant variable initialization\n (bsc#1171688).\n\n - scsi: qla2xxx: Remove superfluous memset()\n (bsc#1171688).\n\n - scsi: qla2xxx: Simplify return value logic in\n qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Suppress two recently introduced compiler\n warnings (git-fixes).\n\n - 
scsi: qla2xxx: Warn if done() or free() are called on an\n already freed srb (bsc#1171688).\n\n - scsi: zfcp: Fix use-after-free in request timeout\n handlers (git-fixes).\n\n - sctp: shrink stream outq only when new outcnt < old\n outcnt (networking-stable-20_07_29).\n\n - sctp: shrink stream outq when fails to do addstream\n reconf (networking-stable-20_07_29).\n\n - sdhci: tegra: Add missing TMCLK for data timeout\n (git-fixes).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK\n for Tegra186 (git-fixes).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK\n for Tegra210 (git-fixes).\n\n - selftests/net: relax cpu affinity requirement in\n msg_zerocopy test (networking-stable-20_08_08).\n\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n\n - Set VIRTIO_CONSOLE=y (bsc#1175667).\n\n - SMB3: Honor 'handletimeout' flag for multiuser mounts\n (bsc#1176558).\n\n - SMB3: Honor persistent/resilient handle flags for\n multiuser mounts (bsc#1176546).\n\n - SMB3: Honor 'posix' flag for multiuser mounts\n (bsc#1176559).\n\n - SMB3: Honor 'seal' flag for multiuser mounts\n (bsc#1176545).\n\n - smb3: warn on confusing error scenario with sec=krb5\n (bsc#1176548).\n\n - soundwire: fix double free of dangling pointer\n (git-fixes).\n\n - spi: Fix memory leak on splited transfers (git-fixes).\n\n - spi: spi-loopback-test: Fix out-of-bounds read\n (git-fixes).\n\n - spi: stm32: always perform registers configuration prior\n to transfer (git-fixes).\n\n - spi: stm32: clear only asserted irq flags on interrupt\n (git-fixes).\n\n - spi: stm32: fix fifo threshold level in case of short\n transfer (git-fixes).\n\n - spi: stm32: fix pm_runtime_get_sync() error checking\n (git-fixes).\n\n - spi: stm32: fix stm32_spi_prepare_mbr in case of odd\n clk_rate (git-fixes).\n\n - spi: stm32h7: fix race condition at end of transfer\n (git-fixes).\n\n - taprio: Fix using wrong queues in gate mask\n (bsc#1154353).\n\n - tcp: apply a floor of 1 for RTT samples 
from TCP\n timestamps (networking-stable-20_08_08).\n\n - tcp: correct read of TFO keys on big endian systems\n (networking-stable-20_08_15).\n\n - test_kmod: avoid potential double free in\n trigger_config_run_type() (git-fixes).\n\n - tg3: Fix soft lockup when tg3_reset_task() fails\n (git-fixes).\n\n - thermal: qcom-spmi-temp-alarm: Do not suppress negative\n temp (git-fixes).\n\n - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for\n omap4430 (git-fixes).\n\n - tracing: fix double free (git-fixes).\n\n - Update\n patches.suse/btrfs-add-dedicated-members-for-start-and-l\n ength-of-.patch (bsc#1176019).\n\n - Update\n patches.suse/btrfs-Move-free_pages_out-label-in-inline-e\n xtent-han.patch (bsc#1174484).\n\n - update to September 2020 maintenance update submission\n (commit 8bb516dc7a0a)\n\n - USB: cdc-acm: rework notification_buffer resizing\n (git-fixes).\n\n - usb: core: fix slab-out-of-bounds Read in\n read_descriptors (git-fixes).\n\n - usb: Fix out of sync data toggle if a configured device\n is reconfigured (git-fixes).\n\n - USB: gadget: f_ncm: add bounds checks to\n ncm_unwrap_ntb() (git-fixes).\n\n - usb: gadget: f_tcm: Fix some resource leaks in some\n error paths (git-fixes).\n\n - USB: gadget: u_f: add overflow checks to VLA macros\n (git-fixes).\n\n - USB: gadget: u_f: Unbreak offset calculation in VLAs\n (git-fixes).\n\n - usb: host: ohci-exynos: Fix error handling in\n exynos_ohci_probe() (git-fixes).\n\n - usb: host: xhci: fix ep context print mismatch in\n debugfs (git-fixes).\n\n - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge\n (git-fixes).\n\n - USB: lvtest: return proper error code in probe\n (git-fixes).\n\n - USB: quirks: Add no-lpm quirk for another Raydium\n touchscreen (git-fixes).\n\n - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk\n for BYD zhaoxin notebook (git-fixes).\n\n - USB: quirks: Ignore duplicate endpoint on Sound Devices\n MixPre-D (git-fixes).\n\n - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE\n 
(git-fixes).\n\n - USB: serial: ftdi_sio: add IDs for Xsens Mti USB\n converter (git-fixes).\n\n - USB: serial: ftdi_sio: clean up receive processing\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix break and sysrq handling\n (git-fixes).\n\n - USB: serial: ftdi_sio: make process-packet buffer\n unsigned (git-fixes).\n\n - USB: serial: option: add support for\n SIM7070/SIM7080/SIM7090 modules (git-fixes).\n\n - USB: serial: option: support dynamic Quectel USB\n compositions (git-fixes).\n\n - USB: sisusbvga: Fix a potential UB casued by left\n shifting a negative value (git-fixes).\n\n - usb: storage: Add unusual_uas entry for Sony PSZ drives\n (git-fixes).\n\n - usb: typec: ucsi: acpi: Check the _DEP dependencies\n (git-fixes).\n\n - usb: typec: ucsi: Prevent mode overrun (git-fixes).\n\n - usb: uas: Add quirk for PNY Pro Elite (git-fixes).\n\n - USB: UAS: fix disconnect by unplugging a hub\n (git-fixes).\n\n - USB: yurex: Fix bad gfp argument (git-fixes).\n\n - vfio-pci: Avoid recursive read-lock usage (bsc#1176366).\n\n - virtio-blk: free vblk-vqs in error path of\n virtblk_probe() (git fixes (block drivers)).\n\n - virtio_pci_modern: Fix the comment of\n virtio_pci_find_capability() (git-fixes).\n\n - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer\n (networking-stable-20_07_29).\n\n - vt: defer kfree() of vc_screenbuf in vc_do_resize()\n (git-fixes).\n\n - vxlan: Ensure FDB dump is performed under RCU\n (networking-stable-20_08_08).\n\n - wireguard: noise: take lock when removing handshake\n entry from table (git-fixes).\n\n - wireguard: peerlookup: take lock before checking hash in\n replace operation (git-fixes).\n\n - workqueue: require CPU hotplug read exclusion for\n apply_workqueue_attrs (bsc#1176763).\n\n - x86/hotplug: Silence APIC only after all interrupts are\n migrated (git-fixes).\n\n - x86/ima: Use EFI GetVariable only when available\n (bsc#1174029, bsc#1174110, bsc#1174111).\n\n - x86/mce/inject: Fix a wrong assignment of i_mce.status\n 
(bsc#1152489).\n\n - x86, sched: Bail out of frequency invariance if\n turbo_freq/base_freq gives 0 (bsc#1176925).\n\n - x86, sched: Bail out of frequency invariance if turbo\n frequency is unknown (bsc#1176925).\n\n - x86, sched: check for counters overflow in frequency\n invariant accounting (bsc#1176925).\n\n - x86/stacktrace: Fix reliable check for empty user task\n stacks (bsc#1058115).\n\n - x86/unwind/orc: Fix ORC for newly forked tasks\n (bsc#1058115).\n\n - xen/balloon: fix accounting in alloc_xenballooned_pages\n error path (bsc#1065600).\n\n - xen/balloon: make the balloon wait interruptible\n (bsc#1065600).\n\n - xen: do not reschedule in preemption off sections\n (bsc#1175749).\n\n - xen/gntdev: Fix dmabuf import with non-zero sgt offset\n (bsc#1065600).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store\n a per interrupt XEN data pointer which contains XEN\n specific information (bsc#1065600).\n\n - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep\n reset failed (git-fixes).\n\n - xhci: Do warm-reset when both CAS and XDEV_RESUME are\n set (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152148\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177030\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14390\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.44.1.lp152.8.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.44.1.lp152.8.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.44.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-source-vanilla-5.3.18-lp152.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.44.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:37", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-2521", "CVE-2020-25284", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2879-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143671);\n script_version(\"1.5\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-2521\",\n \"CVE-2020-14385\",\n \"CVE-2020-14390\",\n \"CVE-2020-25284\",\n \"CVE-2020-26088\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-2521: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14385: Fixed a failure of the file system metadata validator\nin XFS which could have caused an inode with a valid, user-creatable\nextended attribute to be flagged as corrupt (bsc#1176137).\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167527\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174110\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176001\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176364\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176545\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176789\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14385/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2521/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202879-1\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f0f0386\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2879=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2879=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2879=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-2879=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2879=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2879=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14390\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-0432\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright 
(C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.24.1.9.7.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", 
reference:\"kernel-preempt-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.24.1.9.7.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:50", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and 
bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).\n\nCVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206).\n\nCVE-2020-25641: Fixed an issue where length bvec was causing softlockups (bsc#1177121).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25643", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2904-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143708", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2904-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143708);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-25643\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-26088\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when\ndropping the references (bsc#1176011).\n\nCVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr\nfunction which could have led to memory corruption and read overflow\n(bsc#1177206).\n\nCVE-2020-25641: Fixed ann issue where length bvec was causing\nsoftlockups (bsc#1177121).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174899\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176789\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177294\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202904-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0e53fa0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-2904=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 
:\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2904=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2904=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2904=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-2904=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14381\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:25:24", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25212: Fixed nfs getxattr kernel panic and memory overflow that could lead to crashes or privilege escalations (bsc#1176381).\n\n - CVE-2020-14381: Fixed inode life-time issue in futex handling (bsc#1176011).\n\n - CVE-2020-25643: Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause 
the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206).\n\n - CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121).\n\n - CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a (bnc#1176990).\n\n - CVE-2020-14390: When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1176235 bnc#1176278).\n\n - CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176721).\n\n - CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free.\n This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176725).\n\n - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176722).\n\n - CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. 
This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176423).\n\n - CVE-2020-25284: The rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe (bnc#1176482).\n\n - CVE-2020-14386: Memory corruption in af_packet can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bnc#1176069).\n\nThe following non-security bugs were fixed :\n\n - 9p: Fix memory leak in v9fs_mount (git-fixes).\n\n - ACPI: EC: Reference count query handlers under lock (git-fixes).\n\n - Add de2b41be8fcc x86, vmlinux.lds: Page-align end of ..page_aligned sections\n\n - Add f29dfa53cc8a x86/bugs/multihit: Fix mitigation reporting when VMX is not in use\n\n - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).\n\n - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).\n\n - airo: Fix read overflows sending packets (git-fixes).\n\n - ALSA: asihpi: fix iounmap in error handler (git-fixes).\n\n - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).\n\n - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).\n\n - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).\n\n - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes).\n\n - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes).\n\n - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes).\n\n - amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).\n\n - amd-xgbe: Add additional dynamic debug messages (git-fixes).\n\n 
- amd-xgbe: Add additional ethtool statistics (git-fixes).\n\n - amd-xgbe: Add ethtool show/set channels support (git-fixes).\n\n - amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).\n\n - amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).\n\n - amd-xgbe: Add hardware features debug output (git-fixes).\n\n - amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).\n\n - amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).\n\n - amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).\n\n - amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).\n\n - amd-xgbe: Always attempt link training in KR mode (git-fixes).\n\n - amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes).\n\n - amd-xgbe: Convert to generic power management (git-fixes).\n\n - amd-xgbe: Fix debug output of max channel counts (git-fixes).\n\n - amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).\n\n - amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).\n\n - amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).\n\n - amd-xgbe: fix spelling mistake: 'avialable' -> 'available' (git-fixes).\n\n - amd-xgbe: Handle return code from software reset function (git-fixes).\n\n - amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).\n\n - amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).\n\n - amd-xgbe: Limit the I2C error messages that are output (git-fixes).\n\n - amd-xgbe: Mark expected switch fall-throughs (git-fixes).\n\n - amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).\n\n - amd-xgbe: Prepare for ethtool set-channel support (git-fixes).\n\n - amd-xgbe: Prevent looping forever if timestamp update fails (git-fixes).\n\n - amd-xgbe: Read and save the port property registers during probe (git-fixes).\n\n - amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).\n\n - amd-xgbe: remove unnecessary conversion to bool 
(git-fixes).\n\n - amd-xgbe: Remove use of comm_owned field (git-fixes).\n\n - amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).\n\n - amd-xgbe: Simplify the burst length settings (git-fixes).\n\n - amd-xgbe: Update the BelFuse quirk to support SGMII (git-fixes).\n\n - amd-xgbe: Update TSO packet statistics accuracy (git-fixes).\n\n - amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n\n - amd-xgbe: use dma_mapping_error to check map errors (git-fixes).\n\n - amd-xgbe: Use __napi_schedule() in BH context (git-fixes).\n\n - amd-xgbe: Use the proper register during PTP initialization (git-fixes).\n\n - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).\n\n - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084).\n\n - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).\n\n - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).\n\n - ASoC: kirkwood: fix IRQ error handling (git-fixes).\n\n - ASoC: tegra: Fix reference count leaks (git-fixes).\n\n - ath10k: fix array out-of-bounds access (git-fixes).\n\n - ath10k: fix memory leak for tpc_stats_final (git-fixes).\n\n - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).\n\n - batman-adv: Add missing include for in_interrupt() (git-fixes).\n\n - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).\n\n - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes).\n\n - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes).\n\n - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes).\n\n - bcache: Convert pr_<level> uses to a more typical style (git fixes (block drivers)).\n\n - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).\n\n - bcm63xx_enet: correct clock usage (git-fixes).\n\n - bcm63xx_enet: do 
not write to random DMA channel on BCM6345 (git-fixes).\n\n - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)).\n\n - blktrace: fix debugfs use after free (git fixes (block drivers)).\n\n - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)).\n\n - block: revert back to synchronous request_queue removal (git fixes (block drivers)).\n\n - block: Use non _rcu version of list functions for tag_set_list (git-fixes).\n\n - Bluetooth: Fix refcount use-after-free issue (git-fixes).\n\n - Bluetooth: guard against controllers sending zero'd events (git-fixes).\n\n - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).\n\n - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes).\n\n - Bluetooth: prefetch channel before killing sock (git-fixes).\n\n - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29).\n\n - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).\n\n - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789).\n\n - btrfs: tree-checker: fix the error message for transid error (bsc#1176788).\n\n - ceph: do not allow setlease on cephfs (bsc#1177041).\n\n - ceph: fix potential mdsc use-after-free crash (bsc#1177042).\n\n - ceph: fix use-after-free for fsc->mdsc (bsc#1177043).\n\n - ceph: handle zero-length feature mask in session messages (bsc#1177044).\n\n - cfg80211: regulatory: reject invalid hints (bsc#1176699).\n\n - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).\n\n - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).\n\n - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).\n\n - clk: Add (devm_)clk_get_optional() functions (git-fixes).\n\n - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).\n\n - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes).\n\n - 
clk/ti/adpll: allocate room for terminating null (git-fixes).\n\n - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes).\n\n - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966).\n\n - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes).\n\n - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes).\n\n - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes).\n\n - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes).\n\n - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).\n\n - dm crypt: avoid truncating the logical block size (git fixes (block drivers)).\n\n - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)).\n\n - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)).\n\n - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)).\n\n - dm: report suspended device during destroy (git fixes (block drivers)).\n\n - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)).\n\n - dm: use noio when sending kobject event (git fixes (block drivers)).\n\n - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)).\n\n - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)).\n\n - dm zoned: assign max_io_len correctly (git fixes (block drivers)).\n\n - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes).\n\n - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877).\n\n - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).\n\n - drivers: net: add missing interrupt.h include (git-fixes).\n\n - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF 
case (git-fixes).\n\n - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).\n\n - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes).\n\n - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).\n\n - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes).\n\n - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).\n\n - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).\n\n - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).\n\n - drm/amdgpu: increase atombios cmd timeout (git-fixes).\n\n - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes).\n\n - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes).\n\n - drm/amdkfd: fix a memory leak issue (git-fixes).\n\n - drm/amdkfd: Fix reference count leaks (git-fixes).\n\n - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).\n\n - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).\n\n - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) 	* context changes\n\n - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes).\n\n - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes).\n\n - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).\n\n - drm/msm: add shutdown support for display platform_driver (git-fixes).\n\n - drm/msm: Disable preemption on all 5xx targets (git-fixes).\n\n - drm/msm: fix leaks if initialization fails (git-fixes).\n\n - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) 	* context changes\n\n - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).\n\n - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).\n\n - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes).\n\n - drm/nouveau: Fix reference count leak in nouveau_connector_detect 
(git-fixes).\n\n - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes).\n\n - drm/nouveau: fix runtime pm imbalance on error (git-fixes).\n\n - drm/omap: fix possible object reference leak (git-fixes).\n\n - drm/radeon: fix multiple reference count leak (git-fixes).\n\n - drm/radeon: Prefer lower feedback dividers (git-fixes).\n\n - drm/radeon: revert 'Prefer lower feedback dividers' (git-fixes).\n\n - drm/sun4i: Fix dsi dcs long write function (git-fixes).\n\n - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes).\n\n - drm/tve200: Stabilize enable/disable (git-fixes).\n\n - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes).\n\n - e1000: Do not perform reset in reset_task if we are already down (git-fixes).\n\n - EDAC: Fix reference count leaks (bsc#1112178).\n\n - fbcon: prevent user font height or width change from causing (bsc#1112178)\n\n - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).\n\n - ftrace: Move RCU is watching check after recursion check (git-fixes).\n\n - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).\n\n - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes).\n\n - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).\n\n - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes).\n\n - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes).\n\n - gtp: fix use-after-free in gtp_newlink() (git-fixes).\n\n - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes).\n\n - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).\n\n - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).\n\n - hv_utils: return error if host timesysnc update is stale (bsc#1176877).\n\n - hwmon: (applesmc) check status earlier (git-fixes).\n\n - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes).\n\n - i2c: cpm: Fix i2c_ram structure 
(git-fixes).\n\n - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).\n\n - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).\n\n - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).\n\n - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).\n\n - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).\n\n - iio: adc: mcp3422: fix locking on error path (git-fixes).\n\n - iio: adc: mcp3422: fix locking scope (git-fixes).\n\n - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).\n\n - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes).\n\n - iio: improve IIO_CONCENTRATION channel type description (git-fixes).\n\n - iio:light:ltr501 Fix timestamp alignment issue (git-fixes).\n\n - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).\n\n - include: add additional sizes (bsc#1094244 ltc#168122).\n\n - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293).\n\n - iommu/amd: Fix potential @entry null deref (bsc#1177294).\n\n - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316).\n\n - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291).\n\n - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).\n\n - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295).\n\n - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).\n\n - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296).\n\n - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319).\n\n - iommu/vt-d: Serialize IOMMU GCMD register 
modifications (bsc#1176320).\n\n - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.\n\n - kernel-syms.spec.in: Also use bz compression (boo#1175882).\n\n - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).\n\n - KVM: arm64: Cleanup __activate_traps and\n __deactive_traps for VHE and non-VHE (jsc#SLE-4084).\n\n - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084).\n\n - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084).\n\n - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084).\n\n - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084).\n\n - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).\n\n - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084).\n\n - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084).\n\n - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).\n\n - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).\n\n - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).\n\n - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084).\n\n - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084).\n\n - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).\n\n - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084).\n\n - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084).\n\n - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084).\n\n - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084).\n\n - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084).\n\n - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 
(jsc#SLE-4084).\n\n - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084).\n\n - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084).\n\n - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).\n\n - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).\n\n - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084).\n\n - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).\n\n - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084).\n\n - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084).\n\n - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084).\n\n - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084).\n\n - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084).\n\n - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084).\n\n - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084).\n\n - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084).\n\n - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084).\n\n - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084).\n\n - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific 
kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084).\n\n - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084).\n\n - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084).\n\n - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).\n\n - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321).\n\n - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178).\n\n - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).\n\n - libceph: allow setting abort_on_full for rbd (bsc#1169972).\n\n - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).\n\n - libnvdimm: cover up struct nvdimm changes (bsc#1171742).\n\n - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742).\n\n - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).\n\n - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).\n\n - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)).\n\n - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. 
Update config files accordingly.\n\n - mac802154: tx: fix use-after-free (git-fixes).\n\n - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).\n\n - media: davinci: vpif_capture: fix potential double free (git-fixes).\n\n - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes).\n\n - media: smiapp: Fix error handling at NVM reading (git-fixes).\n\n - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).\n\n - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).\n\n - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).\n\n - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).\n\n - mmc: cqhci: Add cqhci_deactivate() (git-fixes).\n\n - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes).\n\n - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).\n\n - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes).\n\n - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)).\n\n - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)).\n\n - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes).\n\n - mtd: lpddr: Fix a double free in probe() (git-fixes).\n\n - mtd: phram: fix a double free issue in error path (git-fixes).\n\n - mtd: properly check all write ioctls for permissions (git-fixes).\n\n - net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).\n\n - net: amd: fix return type of ndo_start_xmit function (git-fixes).\n\n - net/amd: Remove useless driver version (git-fixes).\n\n - net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes).\n\n - net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).\n\n - net: apple: Fix manufacturer name in Kconfig help text 
(git-fixes).\n\n - net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).\n\n - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).\n\n - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).\n\n - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).\n\n - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes).\n\n - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).\n\n - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).\n\n - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).\n\n - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).\n\n - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes).\n\n - net: fs_enet: do not call phy_stop() in interrupts (git-fixes).\n\n - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15).\n\n - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).\n\n - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).\n\n - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes).\n\n - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes).\n\n - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).\n\n - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes).\n\n - net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes).\n\n - net: mvneta: fix mtu change on port without link (git-fixes).\n\n - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes).\n\n - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).\n\n - net: qca_spi: Avoid packet drop during initial sync (git-fixes).\n\n - net: qca_spi: Make sure the QCA7000 reset is 
triggered (git-fixes).\n\n - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15).\n\n - net/smc: fix dmb buffer shortage (git-fixes).\n\n - net/smc: fix restoring of fallback changes (git-fixes).\n\n - net/smc: fix sock refcounting in case of termination (git-fixes).\n\n - net/smc: improve close of terminated socket (git-fixes).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).\n\n - net/smc: remove freed buffer from list (git-fixes).\n\n - net/smc: reset sndbuf_desc if freed (git-fixes).\n\n - net/smc: set rx_off for SMCR explicitly (git-fixes).\n\n - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).\n\n - net/smc: tolerate future SMCD versions (git-fixes).\n\n - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes).\n\n - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes).\n\n - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes).\n\n - net: stmmac: dwmac4: fix flow control issue (git-fixes).\n\n - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes).\n\n - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes).\n\n - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes).\n\n - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes).\n\n - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes).\n\n - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes).\n\n - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes).\n\n - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes).\n\n - net: stmmac: set MSS for each tx DMA channel 
(git-fixes).\n\n - net: stmmac: Use correct values in TQS/RQS fields (git-fixes).\n\n - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29).\n\n - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).\n\n - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes).\n\n - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes).\n\n - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).\n\n - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes).\n\n - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).\n\n - nvme-fc: set max_segments to lldd max value (bsc#1176038).\n\n - nvme-pci: override the value of the controller's numa node (bsc#1176507).\n\n - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).\n\n - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes).\n\n - PCI/ASPM: Allow re-enabling Clock PM (git-fixes).\n\n - PCI: Fix pci_create_slot() reference count leak (git-fixes).\n\n - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).\n\n - PCI: qcom: Add missing reset for ipq806x (git-fixes).\n\n - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).\n\n - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).\n\n - PCI: rcar: Fix incorrect programming of OB windows (git-fixes).\n\n - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes).\n\n - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).\n\n - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).\n\n - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).\n\n - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).\n\n - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122).\n\n - powerpc/64s: 
Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122).\n\n - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122).\n\n - powerpc/64s: Include <asm/nmi.h> header file to fix a warning (bsc#1094244 ltc#168122).\n\n - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122).\n\n - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122).\n\n - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122).\n\n - powerpc: Add cputime_to_nsecs() (bsc#1065729).\n\n - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436).\n\n - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).\n\n - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).\n\n - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ).\n\n - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).\n\n - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).\n\n - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).\n\n - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588).\n\n - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208).\n\n - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208).\n\n - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436).\n\n - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).\n\n - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122).\n\n - 
powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208).\n\n - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).\n\n - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).\n\n - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729).\n\n - power: supply: max17040: Correct voltage reading (git-fixes).\n\n - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)).\n\n - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes).\n\n - Revert 'ALSA: hda: Add support for Loongson 7A1000 controller' (git-fixes).\n\n - Revert 'ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control' (git-fixes).\n\n - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes).\n\n - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).\n\n - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)\n\n - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).\n\n - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. 
Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package.\n\n - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).\n\n - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file.\n\n - rtc: ds1374: fix possible race condition (git-fixes).\n\n - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).\n\n - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08).\n\n - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29).\n\n - s390/mm: fix huge pte soft dirty copying (git-fixes).\n\n - s390/qeth: do not process empty bridge port events (git-fixes).\n\n - s390/qeth: integrate RX refill worker with NAPI (git-fixes).\n\n - s390/qeth: tolerate pre-filled RX buffer (git-fixes).\n\n - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).\n\n - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).\n\n - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).\n\n - scsi: ibmvfc: Use compiler attribute defines instead of\n __attribute__() (bsc#1176962 ltc#188304).\n\n - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).\n\n - scsi: libfc: Fix for double free() (bsc#1174899).\n\n - scsi: libfc: free response frame from GPN_ID (bsc#1174899).\n\n - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899).\n\n - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).\n\n - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).\n\n - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).\n\n - scsi: qla2xxx: 
Fix the return value (bsc#1171688).\n\n - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).\n\n - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).\n\n - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).\n\n - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).\n\n - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes).\n\n - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).\n\n - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes).\n\n - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes).\n\n - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).\n\n - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).\n\n - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).\n\n - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).\n\n - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).\n\n - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes).\n\n - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes).\n\n - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08).\n\n - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for 
omap4430 (git-fixes).\n\n - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178).\n\n - usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).\n\n - usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes).\n\n - usb: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).\n\n - usb: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes).\n\n - usb: Fix out of sync data toggle if a configured device is reconfigured (git-fixes).\n\n - usb: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).\n\n - usb: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).\n\n - usb: gadget: u_f: add overflow checks to VLA macros (git-fixes).\n\n - usb: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).\n\n - usb: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08).\n\n - usblp: fix race between disconnect() and read() (git-fixes).\n\n - usb: lvtest: return proper error code in probe (git-fixes).\n\n - usbnet: ipheth: fix potential NULL pointer dereference in ipheth_carrier_set (git-fixes).\n\n - usb: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes).\n\n - usb: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes).\n\n - usb: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes).\n\n - usb: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).\n\n - usb: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).\n\n - usb: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes).\n\n - usb: serial: option: support dynamic Quectel USB compositions (git-fixes).\n\n - usb: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes).\n\n - usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).\n\n - usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).\n\n - usb: uas: Add quirk for PNY 
Pro Elite (git-fixes).\n\n - usb: UAS: fix disconnect by unplugging a hub (git-fixes).\n\n - usb: yurex: Fix bad gfp argument (git-fixes).\n\n - vgacon: remove software scrollback support (bsc#1176278).\n\n - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).\n\n - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)).\n\n - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).\n\n - vrf: prevent adding upper devices (git-fixes).\n\n - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).\n\n - xen: do not reschedule in preemption off sections (bsc#1175749).\n\n - xen/events: do not use chip_data for legacy IRQs (bsc#1065600).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600).\n\n - xgbe: no need to check return value of debugfs_create functions (git-fixes).\n\n - xgbe: switch to more generic VxLAN detection (git-fixes).\n\n - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).\n\n - yam: fix possible memory leak in yam_init_driver (git-fixes).", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14381", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", 
"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1655.NASL", "href": "https://www.tenable.com/plugins/nessus/141388", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1655.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(141388);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-0404\", \"CVE-2020-0427\", \"CVE-2020-0431\", \"CVE-2020-0432\", \"CVE-2020-14381\", \"CVE-2020-14386\", \"CVE-2020-14390\", \"CVE-2020-25212\", \"CVE-2020-25284\", \"CVE-2020-25641\", \"CVE-2020-25643\", \"CVE-2020-26088\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655)\");\n script_summary(english:\"Check for the openSUSE-2020-1655 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25212: Fixed nfs getxattr kernel panic and\n memory overflow that could lead to crashes or privilege\n escalations (bsc#1176381).\n\n - CVE-2020-14381: Fixed inode life-time issue in futex\n handling (bsc#1176011).\n\n - CVE-2020-25643: Memory corruption and a read overflow is\n caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system availability (bnc#1177206).\n\n - CVE-2020-25641: A zero-length biovec request issued by\n the block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allowed a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. 
The highest threat from this vulnerability is\n to system availability (bnc#1177121).\n\n - CVE-2020-26088: A missing CAP_NET_RAW check in NFC\n socket creation in net/nfc/rawsock.c could be used by\n local attackers to create raw sockets, bypassing\n security mechanisms, aka CID-26896f01467a (bnc#1176990).\n\n - CVE-2020-14390: When changing screen size, an\n out-of-bounds memory write can occur leading to memory\n corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out\n (bnc#1176235 bnc#1176278).\n\n - CVE-2020-0432: In skb_to_mamac of networking.c, there is\n a possible out of bounds write due to an integer\n overflow. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1176721).\n\n - CVE-2020-0427: In create_pinctrl of core.c, there is a\n possible out of bounds read due to a use after free.\n This could lead to local information disclosure with no\n additional execution privileges needed. User interaction\n is not needed for exploitation (bnc#1176725).\n\n - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a\n possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege\n with no additional execution privileges needed. User\n interaction is not needed for exploitation\n (bnc#1176722).\n\n - CVE-2020-0404: In uvc_scan_chain_forward of\n uvc_driver.c, there is a possible linked list corruption\n due to an unusual root cause. This could lead to local\n escalation of privilege in the kernel with no additional\n execution privileges needed. 
User interaction is not\n needed for exploitation (bnc#1176423).\n\n - CVE-2020-25284: The rbd block device driver in\n drivers/block/rbd.c used incomplete permission checking\n for access to rbd devices, which could be leveraged by\n local attackers to map or unmap rbd block devices, aka\n CID-f44d04e696fe (bnc#1176482).\n\n - CVE-2020-14386: Memory corruption in af_packet can be\n exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability is\n to data confidentiality and integrity (bnc#1176069).\n\nThe following non-security bugs were fixed :\n\n - 9p: Fix memory leak in v9fs_mount (git-fixes).\n\n - ACPI: EC: Reference count query handlers under lock\n (git-fixes).\n\n - Add de2b41be8fcc x86, vmlinux.lds: Page-align end of\n ..page_aligned sections\n\n - Add f29dfa53cc8a x86/bugs/multihit: Fix mitigation\n reporting when VMX is not in use\n\n - airo: Add missing CAP_NET_ADMIN check in\n AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).\n\n - airo: Fix possible info leak in\n AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).\n\n - airo: Fix read overflows sending packets (git-fixes).\n\n - ALSA: asihpi: fix iounmap in error handler (git-fixes).\n\n - ALSA: firewire-digi00x: exclude Avid Adrenaline from\n detection (git-fixes).\n\n - ALSA; firewire-tascam: exclude Tascam FE-8 from\n detection (git-fixes).\n\n - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).\n\n - ALSA: hda: fix a runtime pm issue in SOF when integrated\n GPU is disabled (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion\n NT950XCJ-X716A (git-fixes).\n\n - ALSA: hda/realtek - Improved routing for Thinkpad X1\n 7th/8th Gen (git-fixes).\n\n - altera-stapl: altera_get_note: prevent write beyond end\n of 'key' (git-fixes).\n\n - amd-xgbe: Add a check for an skb in the timestamp path\n (git-fixes).\n\n - amd-xgbe: Add additional dynamic debug messages\n (git-fixes).\n\n - amd-xgbe: Add additional ethtool statistics (git-fixes).\n\n - 
amd-xgbe: Add ethtool show/set channels support\n (git-fixes).\n\n - amd-xgbe: Add ethtool show/set ring parameter support\n (git-fixes).\n\n - amd-xgbe: Add ethtool support to retrieve SFP module\n info (git-fixes).\n\n - amd-xgbe: Add hardware features debug output\n (git-fixes).\n\n - amd-xgbe: Add NUMA affinity support for IRQ hints\n (git-fixes).\n\n - amd-xgbe: Add NUMA affinity support for memory\n allocations (git-fixes).\n\n - amd-xgbe: Add per queue Tx and Rx statistics\n (git-fixes).\n\n - amd-xgbe: Advertise FEC support with the KR re-driver\n (git-fixes).\n\n - amd-xgbe: Always attempt link training in KR mode\n (git-fixes).\n\n - amd-xgbe: Be sure driver shuts down cleanly on module\n removal (git-fixes).\n\n - amd-xgbe: Convert to generic power management\n (git-fixes).\n\n - amd-xgbe: Fix debug output of max channel counts\n (git-fixes).\n\n - amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).\n\n - amd-xgbe: Fixes for working with PHYs that support\n 2.5GbE (git-fixes).\n\n - amd-xgbe: Fix SFP PHY supported/advertised settings\n (git-fixes).\n\n - amd-xgbe: fix spelling mistake: 'avialable' ->\n 'available' (git-fixes).\n\n - amd-xgbe: Handle return code from software reset\n function (git-fixes).\n\n - amd-xgbe: Improve SFP 100Mbps auto-negotiation\n (git-fixes).\n\n - amd-xgbe: Interrupt summary bits are h/w version\n dependent (git-fixes).\n\n - amd-xgbe: Limit the I2C error messages that are output\n (git-fixes).\n\n - amd-xgbe: Mark expected switch fall-throughs\n (git-fixes).\n\n - amd-xgbe: Optimize DMA channel interrupt enablement\n (git-fixes).\n\n - amd-xgbe: Prepare for ethtool set-channel support\n (git-fixes).\n\n - amd-xgbe: Prevent looping forever if timestamp update\n fails (git-fixes).\n\n - amd-xgbe: Read and save the port property registers\n during probe (git-fixes).\n\n - amd-xgbe: Remove field that indicates SFP diagnostic\n support (git-fixes).\n\n - amd-xgbe: remove unnecessary conversion to bool\n (git-fixes).\n\n - 
amd-xgbe: Remove use of comm_owned field (git-fixes).\n\n - amd-xgbe: Set the MDIO mode for 10000Base-T\n configuration (git-fixes).\n\n - amd-xgbe: Simplify the burst length settings\n (git-fixes).\n\n - amd-xgbe: Update the BelFuse quirk to support SGMII\n (git-fixes).\n\n - amd-xgbe: Update TSO packet statistics accuracy\n (git-fixes).\n\n - amd-xgbe: use devm_platform_ioremap_resource() to\n simplify code (git-fixes).\n\n - amd-xgbe: use dma_mapping_error to check map errors\n (git-fixes).\n\n - amd-xgbe: Use __napi_schedule() in BH context\n (git-fixes).\n\n - amd-xgbe: Use the proper register during PTP\n initialization (git-fixes).\n\n - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter\n (git-fixes).\n\n - arm64: KVM: Do not generate UNDEF when LORegion feature\n is present (jsc#SLE-4084).\n\n - arm64: KVM: regmap: Fix unexpected switch fall-through\n (jsc#SLE-4084).\n\n - asm-generic: fix -Wtype-limits compiler warnings\n (bsc#1112178).\n\n - ASoC: kirkwood: fix IRQ error handling (git-fixes).\n\n - ASoC: tegra: Fix reference count leaks (git-fixes).\n\n - ath10k: fix array out-of-bounds access (git-fixes).\n\n - ath10k: fix memory leak for tpc_stats_final (git-fixes).\n\n - ath10k: use kzalloc to read for\n ath10k_sdio_hif_diag_read (git-fixes).\n\n - batman-adv: Add missing include for in_interrupt()\n (git-fixes).\n\n - batman-adv: Avoid uninitialized chaddr when handling\n DHCP (git-fixes).\n\n - batman-adv: bla: fix type misuse for backbone_gw hash\n indexing (git-fixes).\n\n - batman-adv: bla: use netif_rx_ni when not in interrupt\n context (git-fixes).\n\n - batman-adv: mcast: fix duplicate mcast packets in BLA\n backbone from mesh (git-fixes).\n\n - batman-adv: mcast/TT: fix wrongly dropped or rerouted\n packets (git-fixes).\n\n - bcache: Convert pr_<level> uses to a more typical style\n (git fixes (block drivers)).\n\n - bcache: fix overflow in offset_to_stripe() (git fixes\n (block drivers)).\n\n - bcm63xx_enet: correct clock usage 
(git-fixes).\n\n - bcm63xx_enet: do not write to random DMA channel on\n BCM6345 (git-fixes).\n\n - bitfield.h: do not compile-time validate _val in\n FIELD_FIT (git fixes (bitfield)).\n\n - blktrace: fix debugfs use after free (git fixes (block\n drivers)).\n\n - block: add docs for gendisk / request_queue refcount\n helpers (git fixes (block drivers)).\n\n - block: revert back to synchronous request_queue removal\n (git fixes (block drivers)).\n\n - block: Use non _rcu version of list functions for\n tag_set_list (git-fixes).\n\n - Bluetooth: Fix refcount use-after-free issue\n (git-fixes).\n\n - Bluetooth: guard against controllers sending zero'd\n events (git-fixes).\n\n - Bluetooth: Handle Inquiry Cancel error after Inquiry\n Complete (git-fixes).\n\n - Bluetooth: L2CAP: handle l2cap config request during\n open state (git-fixes).\n\n - Bluetooth: prefetch channel before killing sock\n (git-fixes).\n\n - bnxt_en: Fix completion ring sizing with TPA enabled\n (networking-stable-20_07_29).\n\n - bonding: use nla_get_u64 to extract the value for\n IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).\n\n - btrfs: require only sector size alignment for parent eb\n bytenr (bsc#1176789).\n\n - btrfs: tree-checker: fix the error message for transid\n error (bsc#1176788).\n\n - ceph: do not allow setlease on cephfs (bsc#1177041).\n\n - ceph: fix potential mdsc use-after-free crash\n (bsc#1177042).\n\n - ceph: fix use-after-free for fsc->mdsc (bsc#1177043).\n\n - ceph: handle zero-length feature mask in session\n messages (bsc#1177044).\n\n - cfg80211: regulatory: reject invalid hints\n (bsc#1176699).\n\n - cifs: Fix leak when handling lease break for cached root\n fid (bsc#1176242).\n\n - cifs/smb3: Fix data inconsistent when punch hole\n (bsc#1176544).\n\n - cifs/smb3: Fix data inconsistent when zero file range\n (bsc#1176536).\n\n - clk: Add (devm_)clk_get_optional() functions\n (git-fixes).\n\n - clk: rockchip: Fix initialization of mux_pll_src_4plls_p\n (git-fixes).\n\n - clk: 
samsung: exynos4: mark 'chipid' clock as\n CLK_IGNORE_UNUSED (git-fixes).\n\n - clk/ti/adpll: allocate room for terminating null\n (git-fixes).\n\n - clocksource/drivers/h8300_timer8: Fix wrong return value\n in h8300_8timer_init() (git-fixes).\n\n - cpufreq: intel_pstate: Fix EPP setting via sysfs in\n active mode (bsc#1176966).\n\n - dmaengine: at_hdmac: check return value of\n of_find_device_by_node() in at_dma_xlate() (git-fixes).\n\n - dmaengine: of-dma: Fix of_dma_router_xlate's\n of_dma_xlate handling (git-fixes).\n\n - dmaengine: pl330: Fix burst length if burst size is\n smaller than bus width (git-fixes).\n\n - dmaengine: tegra-apb: Prevent race conditions on\n channel's freeing (git-fixes).\n\n - dmaengine: zynqmp_dma: fix burst length configuration\n (git-fixes).\n\n - dm crypt: avoid truncating the logical block size (git\n fixes (block drivers)).\n\n - dm: fix redundant IO accounting for bios that need\n splitting (git fixes (block drivers)).\n\n - dm integrity: fix a deadlock due to offloading to an\n incorrect workqueue (git fixes (block drivers)).\n\n - dm integrity: fix integrity recalculation that is\n improperly skipped (git fixes (block drivers)).\n\n - dm: report suspended device during destroy (git fixes\n (block drivers)).\n\n - dm rq: do not call blk_mq_queue_stopped() in\n dm_stop_queue() (git fixes (block drivers)).\n\n - dm: use noio when sending kobject event (git fixes\n (block drivers)).\n\n - dm writecache: add cond_resched to loop in\n persistent_memory_claim() (git fixes (block drivers)).\n\n - dm writecache: correct uncommitted_block when discarding\n uncommitted entry (git fixes (block drivers)).\n\n - dm zoned: assign max_io_len correctly (git fixes (block\n drivers)).\n\n - drivers: char: tlclk.c: Avoid data race between init and\n interrupt handler (git-fixes).\n\n - Drivers: hv: Specify receive buffer size using Hyper-V\n page size (bsc#1176877).\n\n - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload\n 
(git-fixes).\n\n - drivers: net: add missing interrupt.h include\n (git-fixes).\n\n - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case\n (git-fixes).\n\n - drivers/net/wan/x25_asy: Fix to make it work\n (networking-stable-20_07_29).\n\n - drm/amd/display: dal_ddc_i2c_payloads_create can fail\n causing panic (git-fixes).\n\n - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl\n (git-fixes).\n\n - drm/amdgpu/display: fix ref count leak when\n pm_runtime_get_sync fails (git-fixes).\n\n - drm/amdgpu: Fix buffer overflow in INFO ioctl\n (git-fixes).\n\n - drm/amdgpu: Fix bug in reporting voltage for CIK\n (git-fixes).\n\n - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms\n (git-fixes).\n\n - drm/amdgpu: increase atombios cmd timeout (git-fixes).\n\n - drm/amdgpu/powerplay: fix AVFS handling with custom\n powerplay table (git-fixes).\n\n - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom\n powerplay table (git-fixes).\n\n - drm/amdkfd: fix a memory leak issue (git-fixes).\n\n - drm/amdkfd: Fix reference count leaks (git-fixes).\n\n - drm/amd/pm: correct Vega10 swctf limit setting\n (git-fixes).\n\n - drm/amd/pm: correct Vega12 swctf limit setting\n (git-fixes).\n\n - drm/ast: Initialize DRAM type before posting GPU\n (bsc#1113956) 	* context changes\n\n - drm/mediatek: Add exception handing in mtk_drm_probe()\n if component init fail (git-fixes).\n\n - drm/mediatek: Add missing put_device() call in\n mtk_hdmi_dt_parse_pdata() (git-fixes).\n\n - drm/msm/a5xx: Always set an OPP supported hardware value\n (git-fixes).\n\n - drm/msm: add shutdown support for display\n platform_driver (git-fixes).\n\n - drm/msm: Disable preemption on all 5xx targets\n (git-fixes).\n\n - drm/msm: fix leaks if initialization fails (git-fixes).\n\n - drm/msm/gpu: make ringbuffer readonly (bsc#1112178)\n 	* context changes\n\n - drm/nouveau/debugfs: fix runtime pm imbalance on error\n (git-fixes).\n\n - drm/nouveau/dispnv50: fix runtime pm imbalance on error\n 
(git-fixes).\n\n - drm/nouveau/drm/noveau: fix reference count leak in\n nouveau_fbcon_open (git-fixes).\n\n - drm/nouveau: Fix reference count leak in\n nouveau_connector_detect (git-fixes).\n\n - drm/nouveau: fix reference count leak in\n nv50_disp_atomic_commit (git-fixes).\n\n - drm/nouveau: fix runtime pm imbalance on error\n (git-fixes).\n\n - drm/omap: fix possible object reference leak\n (git-fixes).\n\n - drm/radeon: fix multiple reference count leak\n (git-fixes).\n\n - drm/radeon: Prefer lower feedback dividers (git-fixes).\n\n - drm/radeon: revert 'Prefer lower feedback dividers'\n (git-fixes).\n\n - drm/sun4i: Fix dsi dcs long write function (git-fixes).\n\n - drm/sun4i: sun8i-csc: Secondary CSC register correction\n (git-fixes).\n\n - drm/tve200: Stabilize enable/disable (git-fixes).\n\n - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes).\n\n - e1000: Do not perform reset in reset_task if we are\n already down (git-fixes).\n\n - EDAC: Fix reference count leaks (bsc#1112178).\n\n - fbcon: prevent user font height or width change from\n causing (bsc#1112178)\n\n - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race\n (bsc#1176950).\n\n - ftrace: Move RCU is watching check after recursion check\n (git-fixes).\n\n - ftrace: Setup correct FTRACE_FL_REGS flags for module\n (git-fixes).\n\n - gma/gma500: fix a memory disclosure bug due to\n uninitialized bytes (git-fixes).\n\n - gpio: tc35894: fix up tc35894 interrupt configuration\n (git-fixes).\n\n - gtp: add missing gtp_encap_disable_sock() in\n gtp_encap_enable() (git-fixes).\n\n - gtp: fix Illegal context switch in RCU read-side\n critical section (git-fixes).\n\n - gtp: fix use-after-free in gtp_newlink() (git-fixes).\n\n - HID: hiddev: Fix slab-out-of-bounds write in\n hiddev_ioctl_usage() (git-fixes).\n\n - hsr: use netdev_err() instead of WARN_ONCE()\n (bsc#1176659).\n\n - hv_utils: drain the timesync packets on\n onchannelcallback (bsc#1176877).\n\n - hv_utils: return error if host timesysnc 
update is stale\n (bsc#1176877).\n\n - hwmon: (applesmc) check status earlier (git-fixes).\n\n - i2c: core: Do not fail PRP0001 enumeration when no ID\n table exist (git-fixes).\n\n - i2c: cpm: Fix i2c_ram structure (git-fixes).\n\n - ibmvnic: add missing parenthesis in do_reset()\n (bsc#1176700 ltc#188140).\n\n - ieee802154/adf7242: check status of adf7242_read_reg\n (git-fixes).\n\n - ieee802154: fix one possible memleak in\n ca8210_dev_com_init (git-fixes).\n\n - iio:accel:bmc150-accel: Fix timestamp alignment and\n prevent data leak (git-fixes).\n\n - iio: accel: kxsd9: Fix alignment of local buffer\n (git-fixes).\n\n - iio:accel:mma7455: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:adc:ina2xx Fix timestamp alignment issue\n (git-fixes).\n\n - iio: adc: mcp3422: fix locking on error path\n (git-fixes).\n\n - iio: adc: mcp3422: fix locking scope (git-fixes).\n\n - iio:adc:ti-adc081c Fix alignment and data leak issues\n (git-fixes).\n\n - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is\n not set (git-fixes).\n\n - iio: improve IIO_CONCENTRATION channel type description\n (git-fixes).\n\n - iio:light:ltr501 Fix timestamp alignment issue\n (git-fixes).\n\n - iio:light:max44000 Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magnetometer:ak8975 Fix alignment and data leak\n issues (git-fixes).\n\n - include: add additional sizes (bsc#1094244 ltc#168122).\n\n - iommu/amd: Fix IOMMU AVIC not properly update the is_run\n bit in IRTE (bsc#1177293).\n\n - iommu/amd: Fix potential @entry null deref\n (bsc#1177294).\n\n - iommu/amd: Print extended features in one line to fix\n divergent log levels (bsc#1176316).\n\n - iommu/amd: Re-factor guest virtual APIC (de-)activation\n code (bsc#1177291).\n\n - iommu/amd: Restore IRTE.RemapEn bit after programming\n IRTE (bsc#1176317).\n\n - iommu/amd: Restore IRTE.RemapEn bit for\n amd_iommu_activate_guest_mode (bsc#1177295).\n\n - iommu/amd: Use cmpxchg_double() when updating 
128-bit\n IRTE (bsc#1176318).\n\n - iommu/exynos: add missing put_device() call in\n exynos_iommu_of_xlate() (bsc#1177296).\n\n - iommu/omap: Check for failure of a call to\n omap_iommu_dump_ctx (bsc#1176319).\n\n - iommu/vt-d: Serialize IOMMU GCMD register modifications\n (bsc#1176320).\n\n - kernel-binary.spec.in: Package the obj_install_dir as\n explicit filelist.\n\n - kernel-syms.spec.in: Also use bz compression\n (boo#1175882).\n\n - KVM: arm64: Change 32-bit handling of VM system\n registers (jsc#SLE-4084).\n\n - KVM: arm64: Cleanup __activate_traps and\n __deactive_traps for VHE and non-VHE (jsc#SLE-4084).\n\n - KVM: arm64: Configure c15, PMU, and debug register traps\n on cpu load/put for VHE (jsc#SLE-4084).\n\n - KVM: arm64: Defer saving/restoring 32-bit sysregs to\n vcpu load/put (jsc#SLE-4084).\n\n - KVM: arm64: Defer saving/restoring 64-bit sysregs to\n vcpu load/put on VHE (jsc#SLE-4084).\n\n - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled\n functions (jsc#SLE-4084).\n\n - KVM: arm64: Do not deactivate VM on VHE systems\n (jsc#SLE-4084).\n\n - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on\n VHE systems (jsc#SLE-4084).\n\n - KVM: arm64: Factor out fault info population and gic\n workarounds (jsc#SLE-4084).\n\n - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments\n (jsc#SLE-4084).\n\n - KVM: arm64: Forbid kprobing of the VHE world-switch code\n (jsc#SLE-4084).\n\n - KVM: arm64: Improve debug register save/restore flow\n (jsc#SLE-4084).\n\n - KVM: arm64: Introduce framework for accessing deferred\n sysregs (jsc#SLE-4084).\n\n - KVM: arm64: Introduce separate VHE/non-VHE sysreg\n save/restore functions (jsc#SLE-4084).\n\n - KVM: arm64: Introduce VHE-specific kvm_vcpu_run\n (jsc#SLE-4084).\n\n - KVM: arm64: Move common VHE/non-VHE trap config in\n separate functions (jsc#SLE-4084).\n\n - KVM: arm64: Move debug dirty flag calculation out of\n world switch (jsc#SLE-4084).\n\n - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2\n 
guest flag (jsc#SLE-4084).\n\n - KVM: arm64: Move userspace system registers into\n separate function (jsc#SLE-4084).\n\n - KVM: arm64: Prepare to handle deferred save/restore of\n 32-bit registers (jsc#SLE-4084).\n\n - KVM: arm64: Prepare to handle deferred save/restore of\n ELR_EL1 (jsc#SLE-4084).\n\n - KVM: arm64: Remove kern_hyp_va() use in VHE switch\n function (jsc#SLE-4084).\n\n - KVM: arm64: Remove noop calls to timer save/restore from\n VHE switch (jsc#SLE-4084).\n\n - KVM: arm64: Rework hyp_panic for VHE and non-VHE\n (jsc#SLE-4084).\n\n - KVM: arm64: Rewrite sysreg alternatives to static keys\n (jsc#SLE-4084).\n\n - KVM: arm64: Rewrite system register accessors to\n read/write functions (jsc#SLE-4084).\n\n - KVM: arm64: Slightly improve debug save/restore\n functions (jsc#SLE-4084).\n\n - KVM: arm64: Unify non-VHE host/guest sysreg save and\n restore functions (jsc#SLE-4084).\n\n - KVM: arm64: Write arch.mdcr_el2 changes since last\n vcpu_load on VHE (jsc#SLE-4084).\n\n - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls\n than KVM_RUN (jsc#SLE-4084).\n\n - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no\n IRQs (jsc#SLE-4084).\n\n - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines\n (jsc#SLE-4084).\n\n - KVM: arm/arm64: Handle VGICv3 save/restore from the main\n VGIC code on VHE (jsc#SLE-4084).\n\n - KVM: arm/arm64: Move vcpu_load call after\n kvm_vcpu_first_run_init (jsc#SLE-4084).\n\n - KVM: arm/arm64: Move VGIC APR save/restore to vgic\n put/load (jsc#SLE-4084).\n\n - KVM: arm/arm64: Prepare to handle deferred save/restore\n of SPSR_EL1 (jsc#SLE-4084).\n\n - KVM: arm/arm64: Remove leftover comment from\n kvm_vcpu_run_vhe (jsc#SLE-4084).\n\n - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n 
kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl\n (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_run (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084).\n\n - KVM: Move vcpu_load to arch-specific\n kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084).\n\n - KVM: PPC: Fix compile error that occurs when\n CONFIG_ALTIVEC=n (jsc#SLE-4084).\n\n - KVM: Prepare for moving vcpu_load/vcpu_put into arch\n specific code (jsc#SLE-4084).\n\n - KVM: SVM: Add a dedicated INVD intercept routine\n (bsc#1112178).\n\n - KVM: SVM: Fix disable pause loop exit/pause filtering\n capability on SVM (bsc#1176321).\n\n - KVM: SVM: fix svn_pin_memory()'s use of\n get_user_pages_fast() (bsc#1112178).\n\n - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).\n\n - libceph: allow setting abort_on_full for rbd\n (bsc#1169972).\n\n - libnvdimm: cover up nvdimm_security_ops changes\n (bsc#1171742).\n\n - libnvdimm: cover up struct nvdimm changes (bsc#1171742).\n\n - libnvdimm/security, acpi/nfit: unify zero-key for all\n security commands (bsc#1171742).\n\n - libnvdimm/security: fix a typo (bsc#1171742\n bsc#1167527).\n\n - libnvdimm/security: Introduce a 'frozen' attribute\n (bsc#1171742).\n\n - lib/raid6: use vdupq_n_u8 to avoid endianness warnings\n (git fixes (block drivers)).\n\n - livepatch: Add -fdump-ipa-clones to build (). Add\n support for -fdump-ipa-clones GCC option. 
Update config\n files accordingly.\n\n - mac802154: tx: fix use-after-free (git-fixes).\n\n - md: raid0/linear: fix dereference before null check on\n pointer mddev (git fixes (block drivers)).\n\n - media: davinci: vpif_capture: fix potential double free\n (git-fixes).\n\n - media: pci: ttpci: av7110: fix possible buffer overflow\n caused by bad DMA value in debiirq() (git-fixes).\n\n - media: smiapp: Fix error handling at NVM reading\n (git-fixes).\n\n - media: ti-vpe: cal: Restrict DMA to avoid memory\n corruption (git-fixes).\n\n - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs\n (git-fixes).\n\n - mfd: mfd-core: Protect against NULL call-back function\n pointer (git-fixes).\n\n - mm: Avoid calling build_all_zonelists_init under hotplug\n context (bsc#1154366).\n\n - mmc: cqhci: Add cqhci_deactivate() (git-fixes).\n\n - mmc: sdhci-msm: Add retries when all tuning phases are\n found valid (git-fixes).\n\n - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel\n GLK-based controllers (git-fixes).\n\n - mmc: sdhci: Workaround broken command queuing on Intel\n GLK based IRBIS models (git-fixes).\n\n - mm/page_alloc.c: fix a crash in free_pages_prepare()\n (git fixes (mm/pgalloc)).\n\n - mm/vmalloc.c: move 'area->pages' after if statement (git\n fixes (mm/vmalloc)).\n\n - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error\n path of cfi_amdstd_setup() (git-fixes).\n\n - mtd: lpddr: Fix a double free in probe() (git-fixes).\n\n - mtd: phram: fix a double free issue in error path\n (git-fixes).\n\n - mtd: properly check all write ioctls for permissions\n (git-fixes).\n\n - net: 8390: Fix manufacturer name in Kconfig help text\n (git-fixes).\n\n - net: amd: fix return type of ndo_start_xmit function\n (git-fixes).\n\n - net/amd: Remove useless driver version (git-fixes).\n\n - net: amd-xgbe: fix comparison to bitshift when dealing\n with a mask (git-fixes).\n\n - net: amd-xgbe: Get rid of custom hex_dump_to_buffer()\n (git-fixes).\n\n - net: apple: Fix 
manufacturer name in Kconfig help text\n (git-fixes).\n\n - net: broadcom: Fix manufacturer name in Kconfig help\n text (git-fixes).\n\n - net: dsa: b53: Fix sparse warnings in b53_mmap.c\n (git-fixes).\n\n - net: dsa: b53: Use strlcpy() for ethtool::get_strings\n (git-fixes).\n\n - net: dsa: mv88e6xxx: fix 6085 frame mode masking\n (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix interrupt masking on removal\n (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix name of switch 88E6141\n (git-fixes).\n\n - net: dsa: mv88e6xxx: fix shift of FID bits in\n mv88e6185_g1_vtu_loadpurge() (git-fixes).\n\n - net: dsa: mv88e6xxx: Unregister MDIO bus on error path\n (git-fixes).\n\n - net: dsa: qca8k: Allow overwriting CPU port setting\n (git-fixes).\n\n - net: dsa: qca8k: Enable RXMAC when bringing up a port\n (git-fixes).\n\n - net: dsa: qca8k: Force CPU port to its highest bandwidth\n (git-fixes).\n\n - net: ethernet: mlx4: Fix memory allocation in\n mlx4_buddy_init() (git-fixes).\n\n - net: fs_enet: do not call phy_stop() in interrupts\n (git-fixes).\n\n - net: initialize fastreuse on inet_inherit_port\n (networking-stable-20_08_15).\n\n - net: lan78xx: Bail out if lan78xx_get_endpoints fails\n (git-fixes).\n\n - net: lan78xx: replace bogus endpoint lookup\n (networking-stable-20_08_08).\n\n - net: lio_core: fix potential sign-extension overflow on\n large shift (git-fixes).\n\n - net/mlx5: Add meaningful return codes to status_to_err\n function (git-fixes).\n\n - net/mlx5: E-Switch, Use correct flags when configuring\n vlan (git-fixes).\n\n - net/mlx5e: XDP, Avoid checksum complete when XDP prog is\n loaded (git-fixes).\n\n - net: mvmdio: defer probe of orion-mdio if a clock is not\n ready (git-fixes).\n\n - net: mvneta: fix mtu change on port without link\n (git-fixes).\n\n - net-next: ax88796: Do not free IRQ in ax_remove()\n (already freed in ax_close()) (git-fixes).\n\n - net/nfc/rawsock.c: add CAP_NET_RAW check\n (networking-stable-20_08_15).\n\n - net: qca_spi: Avoid packet 
drop during initial sync\n (git-fixes).\n\n - net: qca_spi: Make sure the QCA7000 reset is triggered\n (git-fixes).\n\n - net: refactor bind_bucket fastreuse into helper\n (networking-stable-20_08_15).\n\n - net/smc: fix dmb buffer shortage (git-fixes).\n\n - net/smc: fix restoring of fallback changes (git-fixes).\n\n - net/smc: fix sock refcounting in case of termination\n (git-fixes).\n\n - net/smc: improve close of terminated socket (git-fixes).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump()\n (git-fixes).\n\n - net/smc: remove freed buffer from list (git-fixes).\n\n - net/smc: reset sndbuf_desc if freed (git-fixes).\n\n - net/smc: set rx_off for SMCR explicitly (git-fixes).\n\n - net/smc: switch smcd_dev_list spinlock to mutex\n (git-fixes).\n\n - net/smc: tolerate future SMCD versions (git-fixes).\n\n - net: stmmac: call correct function in\n stmmac_mac_config_rx_queues_routing() (git-fixes).\n\n - net: stmmac: Disable ACS Feature for GMAC >= 4\n (git-fixes).\n\n - net: stmmac: do not stop NAPI processing when dropping a\n packet (git-fixes).\n\n - net: stmmac: dwmac4: fix flow control issue (git-fixes).\n\n - net: stmmac: dwmac_lib: fix interchanged sleep/timeout\n values in DMA reset function (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Add missing boundary to\n RGMII TX clock array (git-fixes).\n\n - net: stmmac: dwmac-meson8b: fix internal RGMII clock\n configuration (git-fixes).\n\n - net: stmmac: dwmac-meson8b: fix setting the RGMII TX\n clock on Meson8b (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on\n Meson8b/8m2 SoCs (git-fixes).\n\n - net: stmmac: dwmac-meson8b: only configure the clocks in\n RGMII mode (git-fixes).\n\n - net: stmmac: dwmac-meson8b: propagate rate changes to\n the parent clock (git-fixes).\n\n - net: stmmac: Fix error handling path in\n 'alloc_dma_rx_desc_resources()' (git-fixes).\n\n - net: stmmac: Fix error handling path in\n 'alloc_dma_tx_desc_resources()' (git-fixes).\n\n - net: stmmac: 
rename dwmac4_tx_queue_routing() to match\n reality (git-fixes).\n\n - net: stmmac: set MSS for each tx DMA channel\n (git-fixes).\n\n - net: stmmac: Use correct values in TQS/RQS fields\n (git-fixes).\n\n - net-sysfs: add a newline when printing 'tx_timeout' by\n sysfs (networking-stable-20_07_29).\n\n - net: systemport: Fix software statistics for SYSTEMPORT\n Lite (git-fixes).\n\n - net: systemport: Fix sparse warnings in\n bcm_sysport_insert_tsb() (git-fixes).\n\n - net: tc35815: Explicitly check NET_IP_ALIGN is not zero\n in tc35815_rx (git-fixes).\n\n - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()\n (git-fixes).\n\n - net: ucc_geth - fix Oops when changing number of buffers\n in the ring (git-fixes).\n\n - NFSv4: do not mark all open state for recovery when\n handling recallable state revoked flag (bsc#1176935).\n\n - nvme-fc: set max_segments to lldd max value\n (bsc#1176038).\n\n - nvme-pci: override the value of the controller's numa\n node (bsc#1176507).\n\n - ocfs2: give applications more IO opportunities during\n fstrim (bsc#1175228).\n\n - omapfb: fix multiple reference count leaks due to\n pm_runtime_get_sync (git-fixes).\n\n - PCI/ASPM: Allow re-enabling Clock PM (git-fixes).\n\n - PCI: Fix pci_create_slot() reference count leak\n (git-fixes).\n\n - PCI: qcom: Add missing ipq806x clocks in PCIe driver\n (git-fixes).\n\n - PCI: qcom: Add missing reset for ipq806x (git-fixes).\n\n - PCI: qcom: Add support for tx term offset for rev 2.1.0\n (git-fixes).\n\n - PCI: qcom: Define some PARF params needed for ipq8064\n SoC (git-fixes).\n\n - PCI: rcar: Fix incorrect programming of OB windows\n (git-fixes).\n\n - phy: samsung: s5pv210-usb2: Add delay after reset\n (git-fixes).\n\n - pinctrl: mvebu: Fix i2c sda definition for 98DX3236\n (git-fixes).\n\n - platform/x86: fix kconfig dependency warning for\n FUJITSU_LAPTOP (git-fixes).\n\n - platform/x86: thinkpad_acpi: initialize tp_nvram_state\n variable (git-fixes).\n\n - platform/x86: 
thinkpad_acpi: re-initialize ACPI buffer\n size when reuse (git-fixes).\n\n - powerpc/64s: Blacklist functions invoked on a trap\n (bsc#1094244 ltc#168122).\n\n - powerpc/64s: Fix HV NMI vs HV interrupt recoverability\n test (bsc#1094244 ltc#168122).\n\n - powerpc/64s: Fix unrelocated interrupt trampoline\n address test (bsc#1094244 ltc#168122).\n\n - powerpc/64s: Include <asm/nmi.h> header file to fix a\n warning (bsc#1094244 ltc#168122).\n\n - powerpc/64s: machine check do not trace real-mode\n handler (bsc#1094244 ltc#168122).\n\n - powerpc/64s: sreset panic if there is no debugger or\n crash dump handlers (bsc#1094244 ltc#168122).\n\n - powerpc/64s: system reset interrupt preserve HSRRs\n (bsc#1094244 ltc#168122).\n\n - powerpc: Add cputime_to_nsecs() (bsc#1065729).\n\n - powerpc/book3s64/radix: Add kernel command line option\n to disable radix GTSE (bsc#1055186 ltc#153436).\n\n - powerpc/book3s64/radix: Fix boot failure with large\n amount of guest memory (bsc#1176022 ltc#187208).\n\n - powerpc: Implement ftrace_enabled() helpers (bsc#1094244\n ltc#168122).\n\n - powerpc/init: Do not advertise radix during\n client-architecture-support (bsc#1055186 ltc#153436 ).\n\n - powerpc/kernel: Cleanup machine check function\n declarations (bsc#1065729).\n\n - powerpc/kernel: Enables memory hot-remove after reboot\n on pseries guests (bsc#1177030 ltc#187588).\n\n - powerpc/mm: Enable radix GTSE only if supported\n (bsc#1055186 ltc#153436).\n\n - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash\n guests only (bsc#1177030 ltc#187588).\n\n - powerpc/mm: Move book3s64 specifics in subdirectory\n mm/book3s64 (bsc#1176022 ltc#187208).\n\n - powerpc/powernv: Remove real mode access limit for early\n allocations (bsc#1176022 ltc#187208).\n\n - powerpc/prom: Enable Radix GTSE in cpu pa-features\n (bsc#1055186 ltc#153436).\n\n - powerpc/pseries/le: Work around a firmware quirk\n (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: lift RTAS limit for radix (bsc#1176022\n 
ltc#187208).\n\n - powerpc/pseries: Limit machine check stack to 4GB\n (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: Machine check use rtas_call_unlocked()\n with args on stack (bsc#1094244 ltc#168122).\n\n - powerpc/pseries: radix is not subject to RMA limit,\n remove it (bsc#1176022 ltc#187208).\n\n - powerpc/pseries/ras: Avoid calling rtas_token() in NMI\n paths (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: Fix FWNMI_VALID off by one\n (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi avoid modifying r3 in error\n case (bsc#1094244 ltc#168122).\n\n - powerpc/pseries/ras: fwnmi sreset should not interlock\n (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Do not trace system reset (bsc#1094244\n ltc#168122).\n\n - powerpc/traps: fix recoverability of machine check\n handling on book3s/32 (bsc#1094244 ltc#168122).\n\n - powerpc/traps: Make unrecoverable NMIs die instead of\n panic (bsc#1094244 ltc#168122).\n\n - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction\n for 64bit Book3S (bsc#1065729).\n\n - power: supply: max17040: Correct voltage reading\n (git-fixes).\n\n - rcu: Do RCU GP kthread self-wakeup from softirq and\n interrupt (git fixes (rcu)).\n\n - regulator: push allocation in\n set_consumer_device_supply() out of lock (git-fixes).\n\n - Revert 'ALSA: hda: Add support for Loongson 7A1000\n controller' (git-fixes).\n\n - Revert 'ALSA: usb-audio: Disable Lenovo P620 Rear\n line-in volume control' (git-fixes).\n\n - Revert 'i2c: cadence: Fix the hold bit setting'\n (git-fixes).\n\n - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel\n modules (bsc#1176869 ltc#188243).\n\n - rpm/constraints.in: recognize also kernel-source-azure\n (bsc#1176732)\n\n - rpm/kernel-binary.spec.in: Also sign ppc64 kernels\n (jsc#SLE-15857 jsc#SLE-13618).\n\n - rpm/kernel-cert-subpackage: add CA check on key\n enrollment (bsc#1173115) To avoid the unnecessary key\n enrollment, when enrolling the signing key of the kernel\n package, '--ca-check' is added to 
mokutil so that\n mokutil will ignore the request if the CA of the signing\n key already exists in MokList or UEFI db. Since the\n macro, %_suse_kernel_module_subpackage, is only defined\n in a kernel module package (KMP), it's used to determine\n whether the %post script is running in a kernel package,\n or a kernel module package.\n\n - rpm/kernel-source.spec.in: Also use bz compression\n (boo#1175882).\n\n - rpm/macros.kernel-source: pass -c proerly in kernel\n module package (bsc#1176698) The '-c' option wasn't\n passed down to %_kernel_module_package so the ueficert\n subpackage wasn't generated even if the certificate is\n specified in the spec file.\n\n - rtc: ds1374: fix possible race condition (git-fixes).\n\n - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).\n\n - rxrpc: Fix race between recvmsg and sendmsg on immediate\n call failure (networking-stable-20_08_08).\n\n - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg()\n returning ENODATA (networking-stable-20_07_29).\n\n - s390/mm: fix huge pte soft dirty copying (git-fixes).\n\n - s390/qeth: do not process empty bridge port events\n (git-fixes).\n\n - s390/qeth: integrate RX refill worker with NAPI\n (git-fixes).\n\n - s390/qeth: tolerate pre-filled RX buffer (git-fixes).\n\n - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()\n (bsc#1174899).\n\n - scsi: fnic: Do not call 'scsi_done()' for unhandled\n commands (bsc#1168468, bsc#1171675).\n\n - scsi: ibmvfc: Avoid link down on FS9100 canister reboot\n (bsc#1176962 ltc#188304).\n\n - scsi: ibmvfc: Use compiler attribute defines instead of\n __attribute__() (bsc#1176962 ltc#188304).\n\n - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while\n calling getpeername() (bsc#1177258).\n\n - scsi: libfc: Fix for double free() (bsc#1174899).\n\n - scsi: libfc: free response frame from GPN_ID\n (bsc#1174899).\n\n - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid\n cases (bsc#1174899).\n\n - scsi: lpfc: Add dependency on CPU_FREQ 
(git-fixes).\n\n - scsi: lpfc: Fix setting IRQ affinity with an empty CPU\n mask (git-fixes).\n\n - scsi: qla2xxx: Fix regression on sparc64 (git-fixes).\n\n - scsi: qla2xxx: Fix the return value (bsc#1171688).\n\n - scsi: qla2xxx: Fix the size used in a\n 'dma_free_coherent()' call (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in\n qla_nvme_register_hba() (bsc#1171688).\n\n - scsi: qla2xxx: Fix wrong return value in\n qlt_chk_unresolv_exchg() (bsc#1171688).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries\n (bsc#1171688).\n\n - scsi: qla2xxx: Log calling function name in\n qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Remove pci-dma-compat wrapper API\n (bsc#1171688).\n\n - scsi: qla2xxx: Remove redundant variable initialization\n (bsc#1171688).\n\n - scsi: qla2xxx: Remove superfluous memset()\n (bsc#1171688).\n\n - scsi: qla2xxx: Simplify return value logic in\n qla2x00_get_sp_from_handle() (bsc#1171688).\n\n - scsi: qla2xxx: Suppress two recently introduced compiler\n warnings (git-fixes).\n\n - scsi: qla2xxx: Warn if done() or free() are called on an\n already freed srb (bsc#1171688).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK\n for Tegra186 (git-fixes).\n\n - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK\n for Tegra210 (git-fixes).\n\n - serial: 8250: 8250_omap: Terminate DMA before pushing\n data on RX timeout (git-fixes).\n\n - serial: 8250_omap: Fix sleeping function called from\n invalid context during probe (git-fixes).\n\n - serial: 8250_port: Do not service RX FIFO if throttled\n (git-fixes).\n\n - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).\n\n - smb3: Honor persistent/resilient handle flags for\n multiuser mounts (bsc#1176546).\n\n - smb3: Honor 'seal' flag for multiuser mounts\n (bsc#1176545).\n\n - smb3: warn on confusing error scenario with sec=krb5\n (bsc#1176548).\n\n - staging:r8188eu: avoid skb_clone for amsdu to msdu\n conversion (git-fixes).\n\n - stmmac: Do not 
access tx_q->dirty_tx before\n netif_tx_lock (git-fixes).\n\n - tcp: apply a floor of 1 for RTT samples from TCP\n timestamps (networking-stable-20_08_08).\n\n - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for\n omap4430 (git-fixes).\n\n - tools/power/cpupower: Fix initializer override in\n hsw_ext_cstates (bsc#1112178).\n\n - usb: core: fix slab-out-of-bounds Read in\n read_descriptors (git-fixes).\n\n - usb: dwc3: Increase timeout for CmdAct cleared by device\n controller (git-fixes).\n\n - usb: EHCI: ehci-mv: fix error handling in\n mv_ehci_probe() (git-fixes).\n\n - usb: EHCI: ehci-mv: fix less than zero comparison of an\n unsigned int (git-fixes).\n\n - usb: Fix out of sync data toggle if a configured device\n is reconfigured (git-fixes).\n\n - usb: gadget: f_ncm: add bounds checks to\n ncm_unwrap_ntb() (git-fixes).\n\n - usb: gadget: f_ncm: Fix NDP16 datagram validation\n (git-fixes).\n\n - usb: gadget: u_f: add overflow checks to VLA macros\n (git-fixes).\n\n - usb: gadget: u_f: Unbreak offset calculation in VLAs\n (git-fixes).\n\n - usb: hso: check for return value in\n hso_serial_common_create() (networking-stable-20_08_08).\n\n - usblp: fix race between disconnect() and read()\n (git-fixes).\n\n - usb: lvtest: return proper error code in probe\n (git-fixes).\n\n - usbnet: ipheth: fix potential NULL pointer dereference\n in ipheth_carrier_set (git-fixes).\n\n - usb: qmi_wwan: add D-Link DWM-222 A2 device ID\n (git-fixes).\n\n - usb: quirks: Add no-lpm quirk for another Raydium\n touchscreen (git-fixes).\n\n - usb: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk\n for BYD zhaoxin notebook (git-fixes).\n\n - usb: quirks: Ignore duplicate endpoint on Sound Devices\n MixPre-D (git-fixes).\n\n - usb: serial: ftdi_sio: add IDs for Xsens Mti USB\n converter (git-fixes).\n\n - usb: serial: option: add support for\n SIM7070/SIM7080/SIM7090 modules (git-fixes).\n\n - usb: serial: option: support dynamic Quectel USB\n compositions (git-fixes).\n\n - usb: 
sisusbvga: Fix a potential UB casued by left\n shifting a negative value (git-fixes).\n\n - usb: storage: Add unusual_uas entry for Sony PSZ drives\n (git-fixes).\n\n - usb: typec: ucsi: acpi: Check the _DEP dependencies\n (git-fixes).\n\n - usb: uas: Add quirk for PNY Pro Elite (git-fixes).\n\n - usb: UAS: fix disconnect by unplugging a hub\n (git-fixes).\n\n - usb: yurex: Fix bad gfp argument (git-fixes).\n\n - vgacon: remove software scrollback support\n (bsc#1176278).\n\n - video: fbdev: fix OOB read in vga_8planes_imageblit()\n (git-fixes).\n\n - virtio-blk: free vblk-vqs in error path of\n virtblk_probe() (git fixes (block drivers)).\n\n - vmxnet3: fix cksum offload issues for non-udp tunnels\n (git-fixes).\n\n - vrf: prevent adding upper devices (git-fixes).\n\n - vxge: fix return of a free'd memblock on a failed dma\n mapping (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1112178).\n\n - xen: do not reschedule in preemption off sections\n (bsc#1175749).\n\n - xen/events: do not use chip_data for legacy IRQs\n (bsc#1065600).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store\n a per interrupt XEN data pointer which contains XEN\n specific information (bsc#1065600).\n\n - xgbe: no need to check return value of debugfs_create\n functions (git-fixes).\n\n - xgbe: switch to more generic VxLAN detection\n (git-fixes).\n\n - xhci: Do warm-reset when both CAS and XDEV_RESUME are\n set (git-fixes).\n\n - yam: fix possible memory leak in yam_init_driver\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962356\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.71.2\") ) 
flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"kernel-source-vanilla-4.12.14-lp151.28.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.71.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.71.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:40", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after 
free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).\n\nCVE-2019-25643 [ID as printed in the advisory; CVE-2020-25643, also in this record's cvelist, may be the intended ID]: Fixed an improper input validation in the ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206).\n\nCVE-2020-25641: Fixed an issue where length bvec was causing softlockups (bsc#1177121).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25643", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2905-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2905-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143801);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-25643\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n 
\"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-26088\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when\ndropping the references (bsc#1176011).\n\nCVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr\nfunction which could have led to memory corruption and read overflow\n(bsc#1177206).\n\nCVE-2020-25641: Fixed ann issue where length bvec was causing\nsoftlockups (bsc#1177121).\n\nThe update package also includes 
non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174899\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176410\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176789\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177293\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202905-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da6401bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch 
SUSE-SLE-Product-WE-15-SP1-2020-2905=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2905=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2905=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-2905=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2905=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2905=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14381\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", 
reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.61.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:29", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms 
(bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).\n\nCVE-2019-25643: Fixed improper input validation in the ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206).\n\nCVE-2020-25641: Fixed an issue where length bvec was causing softlockups (bsc#1177121).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2907-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25643", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2907-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2907-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143699);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-25643\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-26088\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2907-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when\ndropping the references (bsc#1176011).\n\nCVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr\nfunction which could have led to memory corruption and read overflow\n(bsc#1177206).\n\nCVE-2020-25641: Fixed ann issue where length bvec was causing\nsoftlockups (bsc#1177121).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175528\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176869\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177295\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202907-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd133376\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2907=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14381\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:27:21", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).\n\nCVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121).\n\nCVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check 
(bsc#1176722).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).\n\nCVE-2020-14386: Fixed a memory corruption which could have been exploited to gain root privileges from unprivileged processes (bsc#1176069).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-14381", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-1749", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel"], "id": "SUSE_SU-2020-3014-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3014-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(143784);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-1749\",\n \"CVE-2020-14381\",\n \"CVE-2020-14386\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-26088\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).\n\nCVE-2020-25641: Allowed for_each_bvec to support zero len bvec\n(bsc#1177121).\n\nCVE-2020-25645: Added transport ports in route lookup for geneve\n(bsc#1177511).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-14381: Fixed requeue paths such that filp was valid when\ndropping the references (bsc#1176011).\n\nCVE-2020-14386: Fixed a memory corruption which could have been\nexploited to gain root privileges from unprivileged processes\n(bsc#1176069).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-1749: Use ip6_dst_lookup_flow instead of 
ip6_dst_lookup\n(bsc#1165629).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152148\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175228\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176321\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177044\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14386/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1749/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25645/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203014-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc3db1b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3014=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", 
reference:\"kernel-rt_debug-devel-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.36.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:04:09", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. 
This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:\n Android-10. Android ID: A-153467744.(CVE-2020-0305)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:\n Android kernel. Android ID: A-140550171.(CVE-2020-0427)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel.(CVE-2020-0404)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. 
This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-144161459.(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5967", "CVE-2020-0305", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-2732"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1200.NASL", "href": "https://www.tenable.com/plugins/nessus/146181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146181);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-5967\",\n \"CVE-2020-0305\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-2732\",\n \"CVE-2020-10773\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel 
(EulerOS-SA-2021-1200)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - The time subsystem in the Linux kernel through 4.9.9,\n when CONFIG_TIMER_STATS is enabled, allows local users\n to discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967)\n\n - A flaw in the way reply ICMP packets are limited in the\n Linux kernel functionality was found that allows to\n quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. 
User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-140550171(CVE-2020-0427)\n\n - A flaw was discovered in the way that the KVM\n hypervisor handled instruction emulation for an L2\n guest when nested virtualisation is enabled. Under some\n circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be\n inaccessible to the L2 guest.(CVE-2020-2732)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. 
The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1200\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac6252fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n 
\"python-perf-3.10.0-862.14.1.5.h494.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:41", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. 
Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function of fs/ocfs2/file.c (bnc#1083244).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have led to memory corruption and possibly privilege escalation (bsc#1176011).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-25643: Fixed a memory corruption and a read overflow which could have been caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map 
or unmap rbd block devices (bsc#1176482).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3501-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18204", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_146-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3501-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3501-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143654);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-18204\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n 
\"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-8694\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3501-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in\nwas found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. 
Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2017-18204: Fixed a denial of service in the ocfs2_setattr\nfunction of fs/ocfs2/file.c (bnc#1083244).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25645: Fixed an an issue in IPsec that caused traffic between\ntwo Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex)\nwait operation, which could have lead to memory corruption and\npossibly privilege escalation (bsc#1176011).\n\nCVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which\ncould have been used by local attackers to corrupt memory\n(bsc#1176381).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-25643: Fixed a memory corruption and a read overflow which\ncould have caused by improper input validation in the ppp_cp_parse_cr\nfunction (bsc#1177206).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by 
local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2017-18204/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25645/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203501-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8707c06\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3501=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3501=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3501=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3501=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2020-3501=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14381\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_146-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_146-default-1-3.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.146.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:28", 
"description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511).\n\nCVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).\n\nCVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function 
(bsc#1177206).\n\nCVE-2020-25641: Fixed an issue where a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-0432: Fixed an out-of-bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0431: Fixed an out-of-bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0427: Fixed an out-of-bounds read due to a use-after-free (bsc#1176725).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c, which could have allowed an attacker to cause a denial of service (memory consumption) (bsc#1157298).\n\nCVE-2019-6133: In PolicyKit (aka polkit), the 'start time' protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to a lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c (bsc#1121872).\n\nCVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function of fs/ocfs2/file.c (bnc#1083244).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18204", "CVE-2019-19063", "CVE-2019-6133", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3503-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3503-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143639);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-18204\",\n \"CVE-2019-6133\",\n \"CVE-2019-19063\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n 
\"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-8694\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in\nwas found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. 
Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25645: Fixed an issue which traffic between two Geneve\nendpoints may be unencrypted when IPsec is configured to encrypt\ntraffic for the specific UDP port used by the GENEVE tunnel allowing\nanyone between the two endpoints to read the traffic unencrypted\n(bsc#1177511).\n\nCVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex)\nwait operation, which could have lead to memory corruption and\npossibly privilege escalation (bsc#1176011).\n\nCVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which\ncould have been used by local attackers to corrupt memory\n(bsc#1176381).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-25643: Fixed a memory corruption and a read overflow which\ncould have caused by improper input validation in the ppp_cp_parse_cr\nfunction (bsc#1177206).\n\nCVE-2020-25641: Fixed a zero-length biovec request issued by the block\nsubsystem could have caused the kernel to enter an infinite loop,\ncausing a denial of service (bsc#1177121).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck 
(bsc#1176722).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() function\nin drivers/net/wireless/realtek/rtlwifi/usb.c, which could have\nallowed an attacker to cause a denial of service (memory consumption)\n(bsc#1157298).\n\nCVE-2019-6133: In PolicyKit (aka polkit), the 'start time' protection\nmechanism can be bypassed because fork() is not atomic, and therefore\nauthorization decisions are improperly cached. This is related to lack\nof uid checking in polkitbackend/polkitbackendinteractiveauthority.c\n(bsc#1121872).\n\nCVE-2017-18204: Fixed a denial of service in the ocfs2_setattr\nfunction of fs/ocfs2/file.c (bnc#1083244).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18204/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19063/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25645/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203503-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?265f2b9b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3503=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3503=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3503=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3503=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch 
SUSE-SLE-SERVER-12-SP3-BCL-2020-3503=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2020-3503=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3503=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3503=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14381\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_135-default-1-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_135-default-debuginfo-1-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.135.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:31", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to 
quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).\n\nCVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011).\n\nCVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206).\n\nCVE-2020-25641: Fixed an issue where a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation 
could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0430", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-16120", "CVE-2020-2521", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3544-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3544-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143857);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0430\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-2521\",\n \"CVE-2020-8694\",\n 
\"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-16120\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in\nwas found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. 
Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open()\n(bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops\nfilter addition (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code\n(bnc#1176381).\n\nCVE-2020-25645: Fixed an an issue in IPsec that caused traffic between\ntwo Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait\noperation (bsc#1176011).\n\nCVE-2020-25643: Fixed an improper input validation in the\nppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206).\n\nCVE-2020-25641: Fixed a zero-length biovec request issued by the block\nsubsystem could have caused the kernel to enter an infinite loop,\ncausing a denial of service (bsc#1177121).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an 
integer overflow\n(bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused\ndenial of service of Dom0 via high frequency events (XSA-332\nbsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may\ncrash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168468\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-0430/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2521/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25645/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27675/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203544-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?85be96a4\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3544=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3544=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3544=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3544=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-3544=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2020-3544=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.65.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:53", "description": "The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. 
The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file (bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have led to memory corruption and possibly privilege escalation (bsc#1176011).\n\nCVE-2020-25643: Fixed a memory corruption and a read overflow which could have been caused by improper input validation in the ppp_cp_parse_cr function 
(bsc#1177206).\n\nCVE-2020-25641: Fixed an issue where a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).\n\nCVE-2020-25284: Fixed incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411).\n\nCVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0430", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-16120", "CVE-2020-2521", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3532-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3532-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143875);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0430\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-2521\",\n \"CVE-2020-8694\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-16120\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 LTSS kernel was updated to receive\nvarious security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in\nwas found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. 
Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed permission check to open real file when using\noverlayfs. It was possible to have a file not readable by an\nunprivileged user be copied to a mountpoint controlled by that user\nand then be able to access the file (bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets\naka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25645: Fixed an an issue in IPsec that caused traffic between\ntwo Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-2521: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex)\nwait operation, which could have lead to memory corruption and\npossibly privilege escalation (bsc#1176011).\n\nCVE-2020-25643: Fixed a memory corruption and a read overflow which\ncould have caused by improper input validation in the ppp_cp_parse_cr\nfunction (bsc#1177206).\n\nCVE-2020-25641: Fixed a zero-length biovec request issued by the block\nsubsystem could have caused the kernel to enter an infinite loop,\ncausing a denial of service 
(bsc#1177121).\n\nCVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket\ncreation could have been used by local attackers to create raw\nsockets, bypassing security mechanisms (bsc#1176990).\n\nCVE-2020-14390: Fixed an out-of-bounds memory write leading to memory\ncorruption or a denial of service when changing screen size\n(bnc#1176235).\n\nCVE-2020-0432: Fixed an out of bounds write due to an integer overflow\n(bsc#1176721).\n\nCVE-2020-0427: Fixed an out of bounds read due to a use after free\n(bsc#1176725).\n\nCVE-2020-0431: Fixed an out of bounds write due to a missing bounds\ncheck (bsc#1176722).\n\nCVE-2020-0404: Fixed a linked list corruption due to an unusual root\ncause (bsc#1176423).\n\nCVE-2020-25284: Fixed an incomplete permission checking for access to\nrbd devices, which could have been leveraged by local attackers to map\nor unmap rbd block devices (bsc#1176482).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused\ndenial of service of Dom0 via high frequency events (XSA-332\nbsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may\ncrash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176922\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0427/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0430/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0432/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2521/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25645/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26088/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27675/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203532-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61de52b6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3532=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t 
patch SUSE-SLE-Product-SLES-15-2020-3532=1\n\nSUSE Linux Enterprise Module for Live Patching 15 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-3532=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3532=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3532=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2020-3532=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-base-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-debugsource-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-syms-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debugsource-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.63.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-4.12.14-150.63.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.63.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:33:38", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14630-1 advisory.\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 (CVE-2020-0431)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:\n A-162844689. References: Upstream kernel (CVE-2020-0465)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2020-14353)\n\n - A flaw was found in the Linux kernel's futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14381)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. 
(CVE-2020-14390)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which is uninitialized. (CVE-2020-15437)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. 
The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw was found in the Linux kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A vulnerability was found in the Linux Kernel where the function sunkbd_reinit may have been scheduled by sunkbd_interrupt before sunkbd is freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. (CVE-2020-25669)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID:\n A-119770583 (CVE-2020-27068)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root-like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. 
(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel through 5.10.11. 
PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18270", "CVE-2019-16746", "CVE-2020-0404", "CVE-2020-0431", "CVE-2020-0465", "CVE-2020-11668", "CVE-2020-14331", "CVE-2020-14353", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigmem", "p-cpe:/a:novell:suse_linux:kernel-bigmem-base", "p-cpe:/a:novell:suse_linux:kernel-bigmem-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-ppc64", "p-cpe:/a:novell:suse_linux:kernel-ppc64-base", "p-cpe:/a:novell:suse_linux:kernel-ppc64-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", 
"p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150536", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14630-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150536);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2019-16746\",\n \"CVE-2020-0404\",\n \"CVE-2020-0431\",\n \"CVE-2020-0465\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-14331\",\n \"CVE-2020-14353\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14630-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14630-1 advisory.\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. 
It does not check\n the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. 
Reason: This candidate is a\n duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2020-14353)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial\n of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. 
(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly\n synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by\n sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in\n sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. (CVE-2020-25669)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure with System execution privileges needed. User\n interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-119770583 (CVE-2020-27068)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. 
On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. 
(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1175691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176012\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179107\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181553\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-February/008335.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56f42edd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-0431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-27786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kernel-default-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.120', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.120', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.120', 'sp':'4', 
'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = 
package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:58", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. 
This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c.(CVE-2020-27830)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0466)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.(CVE-2020-27068)\n\n - use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. 
This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. 
The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)\n\n - race condition in fg_console can lead to use-after-free in con_font_op.(CVE-2020-25668)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which is uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. 
On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - There is a memory leak in perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. 
The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.\n The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)\n\n - A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)\n\n - In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143560807.(CVE-2020-0432)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14385)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel.(CVE-2020-0404)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. 
This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-0466", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-15437", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27830", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-8694"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1642.NASL", "href": "https://www.tenable.com/plugins/nessus/147690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(147690);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-0466\",\n \"CVE-2020-8694\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-15437\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27830\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed.(CVE-2020-0427)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function\n in spk_ttyio.c.(CVE-2020-27830)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic\n error. 
This could lead to local escalation of privilege\n with no additional execution privileges\n needed.(CVE-2020-0466)\n\n - In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with System execution privileges\n needed.(CVE-2020-27068)\n\n - use-after-free read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in\n drivers/accessibility/speakup/spk_ttyio.c in the Linux\n kernel through 5.9.9. 
Local attackers on systems with\n the speakup driver could cause a local denial of\n service attack, aka CID-d41227544427. This occurs\n because of an invalid free when the line discipline is\n used more than once.(CVE-2020-28941)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A flaw in the way reply ICMP packets are limited in the\n Linux kernel functionality was found that allows to\n quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)\n\n - race condition in fg_console can lead to use-after-free\n in con_font_op.(CVE-2020-25668)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in the Linux kernel through\n 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high\n rate of events to dom0, aka\n CID-e99502f76271.(CVE-2020-27673)\n\n - An issue was discovered in __split_huge_pmd in\n mm/huge_memory.c in the Linux kernel before 5.7.5. 
The\n copy-on-write implementation can grant unintended write\n access because of a race condition in a THP mapcount\n check, aka CID-c444eb564fb1.(CVE-2020-29368)\n\n - An issue was discovered in the Linux kernel through\n 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - There is a memory leak in\n perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver\n for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via\n local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. 
Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - An information leak flaw was found in the way the Linux\n kernel's Bluetooth stack implementation handled\n initialization of stack memory when handling certain\n AMP packets. A remote attacker in adjacent range could\n use this flaw to leak small portions of stack memory on\n the system by sending a specially crafted AMP packets.\n The highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-12352)\n\n - A flaw was found in the way the Linux kernel Bluetooth\n implementation handled L2CAP packets with A2MP CID. A\n remote attacker in adjacent range could use this flaw\n to crash the system causing denial of service or\n potentially execute arbitrary code on the system by\n sending a specially crafted L2CAP packet. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-12351)\n\n - A missing CAP_NET_RAW check in NFC socket creation in\n net/nfc/rawsock.c in the Linux kernel before 5.8.2\n could be used by local attackers to create raw sockets,\n bypassing security mechanisms, aka\n CID-26896f01467a.(CVE-2020-26088)\n\n - A flaw was found in the Linux kernel's implementation\n of biovecs in versions before 5.9-rc7. 
A zero-length\n biovec request issued by the block subsystem could\n cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker\n with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest\n threat from this vulnerability is to system\n availability.(CVE-2020-25641)\n\n - In skb_to_mamac of networking.c, there is a possible\n out of bounds write due to an integer overflow. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452..(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A\n failure of the file system metadata validator in XFS\n can cause an inode with a valid, user-creatable\n extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise\n rendered inaccessible until it is remounted, leading to\n a denial of service. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14385)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. 
User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1642\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbd2c64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h314.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux 
kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14390)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt.
This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not considered.(CVE-2020-24394)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.(CVE-2020-0145)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A flaw was found in the Linux kernel in versions before 5.9-rc7.
Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)perf: Fix race in perf_mmap_close function.(CVE-2020-14351)An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-24490)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.(CVE-2020-25656)In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807(CVE-2020-0432)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. 
The hashmd value remains the same starting from boot time and can be inferred by an attacker.(CVE-2019-18282)Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which is uninitialized.(CVE-2020-15437)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check.
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7837", "CVE-2019-0145", "CVE-2019-0147", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-20934", "CVE-2020-0145", "CVE-2020-0404", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-26088", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29374"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-1039.NASL", "href": "https://www.tenable.com/plugins/nessus/144731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144731);\n script_version(\"1.5\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2019-0145\",\n \"CVE-2019-0147\",\n \"CVE-2019-18282\",\n \"CVE-2019-18805\",\n \"CVE-2019-20934\",\n \"CVE-2020-0404\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-14390\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25704\",\n \"CVE-2020-26088\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29374\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):In uvc_scan_chain_forward\n of uvc_driver.c, there is a possible linked list\n corruption due to an unusual root cause. This could\n lead to local escalation of privilege in the kernel\n with no additional execution privileges needed. 
User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A\n flaw was found in the Linux kernel in versions from\n 2.2.3 through 5.9.rc5. When changing screen size, an\n out-of-bounds memory write can occur leading to memory\n corruption or a denial of service. This highest threat\n from this vulnerability is to system\n availability.(CVE-2020-14390)A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs4proc.c instead of fsfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)In the Linux kernel before\n 5.7.8, fsfsd/vfs.c (in the NFS server) can set\n incorrect permissions on new filesystem objects when\n the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not\n considered.(CVE-2020-24394)The rbd block device driver\n in drivers/block/rbd.c in the Linux kernel through\n 5.8.9 used incomplete permission checking for access to\n rbd devices, which could be leveraged by local\n attackers to map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)An issue was\n discovered in net/ipv4/sysctl_net_ipv4.c in the Linux\n kernel before 5.0.11. 
There is a net/ipv4/tcp_input.c\n signed integer overflow in tcp_ack_update_rtt() when\n userspace writes a very large integer to /proc/sys\n et/ipv4/tcp_min_rtt_wlen, leading to a denial of\n service or possibly unspecified other impact, aka\n CID-19fad20d15a6.(CVE-2019-18805)Insufficient input\n validation in i40e driver for Intel(R) Ethernet 700\n Series Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)Buffer overflow\n in i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable an escalation\n of privilege via local access.(CVE-2020-0145)A race\n condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A missing CAP_NET_RAW\n check in NFC socket creation in net fc/rawsock.c in the\n Linux kernel before 5.8.2 could be used by local\n attackers to create raw sockets, bypassing security\n mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw\n was found in the HDLC_PPP module of the Linux kernel in\n versions before 5.9-rc7. Memory corruption and a read\n overflow is caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. 
The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-25643)The Linux kernel, as used\n in Red Hat Enterprise Linux 7, kernel-rt, and\n Enterprise MRG 2 and when booted with UEFI Secure Boot\n enabled, allows local users to bypass intended\n securelevel/secureboot restrictions by leveraging\n improper handling of secure_boot flag across kexec\n reboot.(CVE-2015-7837)A flaw was found in the Linux\n kernel's implementation of biovecs in versions before\n 5.9-rc7. A zero-length biovec request issued by the\n block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allows a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. The highest threat from this vulnerability is\n to system availability.(CVE-2020-25641)A flaw was found\n in the Linux kernel before 5.9-rc4. Memory corruption\n can be exploited to gain root privileges from\n unprivileged processes. The highest threat from this\n vulnerability is to data confidentiality and\n integrity.(CVE-2020-14386)A flaw was found in the Linux\n kernel in versions before 5.9-rc7. Traffic between two\n Geneve endpoints may be unencrypted when IPsec is\n configured to encrypt traffic for the specific UDP port\n used by the GENEVE tunnel allowing anyone between the\n two endpoints to read the traffic unencrypted. The main\n threat from this vulnerability is to data\n confidentiality.(CVE-2020-25645)perf: Fix race in\n perf_mmap_close function.(CVE-2020-14351)An information\n leak flaw was found in the way the Linux kernel's\n Bluetooth stack implementation handled initialization\n of stack memory when handling certain AMP packets. A\n remote attacker in adjacent range could use this flaw\n to leak small portions of stack memory on the system by\n sending a specially crafted AMP packets. 
The highest\n threat from this vulnerability is to data\n confidentiality.(CVE-2020-12352)A flaw was found in the\n way the Linux kernel Bluetooth implementation handled\n L2CAP packets with A2MP CID. A remote attacker in\n adjacent range could use this flaw to crash the system\n causing denial of service or potentially execute\n arbitrary code on the system by sending a specially\n crafted L2CAP packet. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-12351)A heap\n buffer overflow flaw was found in the way the Linux\n kernel's Bluetooth implementation processed extended\n advertising report events. This flaw allows a remote\n attacker in an adjacent range to crash the system,\n causing a denial of service or to potentially execute\n arbitrary code on the system by sending a specially\n crafted Bluetooth packet. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-24490)** RESERVED **\n This candidate has been reserved by an organization or\n individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2020-25656)In skb_to_mamac of\n networking.c, there is a possible out of bounds write\n due to an integer overflow. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-143560807(CVE-2020-0432)A\n slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. 
This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)A\n flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)A buffer over-read (at the\n framebuffer layer) in the fbcon code in the Linux\n kernel before 5.8.15 could be used by local attackers\n to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)There is a\n use-after-free problem seen due to a race condition\n between the release of ptp_clock and cdev while\n resource deallocation. When a (high privileged) process\n allocates a ptp device file (like /dev/ptpX) and\n voluntarily goes to sleep. During this time if the\n underlying device is removed, it can cause an\n exploitable condition as the process wakes up to\n terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)A device tracking vulnerability\n was found in the flow_dissector feature in the Linux\n kernel. This flaw occurs because the auto flowlabel of\n the UDP IPv6 packet relies on a 32-bit hashmd value as\n a secret, and jhash (instead of siphash) is used. 
The\n hashmd value remains the same starting from boot time\n and can be inferred by an\n attacker.(CVE-2019-18282)Use-after-free vulnerability\n in fs/block_dev.c in the Linux kernel before 5.8 allows\n local users to gain privileges or cause a denial of\n service by leveraging improper access to a certain\n error field.(CVE-2020-15436)The Linux kernel before\n version 5.8 is vulnerable to a NULL pointer dereference\n in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)An issue was discovered\n in kmem_cache_alloc_bulk in mm/slub.c in the Linux\n kernel before 5.5.11. The slowpath lacks the required\n TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An\n issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)An issue was\n discovered in romfs_dev_read in fs/romfs/storage.c in\n the Linux kernel before 5.8.4. Uninitialized memory\n leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)An issue was\n discovered in the Linux kernel before 5.7.3, related to\n mm/gup.c and mm/huge_memory.c. The get_user_pages (aka\n gup) implementation, when used for a copy-on-write\n page, does not properly consider the semantics of read\n operations and therefore can grant unintended write\n access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was\n found in the way RTAS handled memory accesses in\n userspace to kernel communication. 
On a locked down\n (usually due to Secure Boot) guest system running on\n top of PowerVM or KVM hypervisors (pseries platform) a\n root like local user could use this flaw to further\n increase their privileges to that of a running\n kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c,\n there is a possible out of bounds write due to a\n missing bounds check. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1039\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92f0c0ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, 
\"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h906\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:19:34", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1975 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c 
(CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - 
kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:1975)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-1975.NASL", "href": "https://www.tenable.com/plugins/nessus/161034", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1975. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161034);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1975\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:1975)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1975 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free 
in nouveau kernel module (CVE-2020-27820)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients\n (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c\n leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - 
kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS\n via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes\n (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3743\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1985353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986473\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2004949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2013180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2018205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2029923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2035652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2036934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037019\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2042822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064855\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 125, 129, 190, 200, 284, 287, 327, 330, 354, 362, 400, 401, 416, 459, 476, 681, 787, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n 
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:1975');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 
'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 
'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = 
rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 
0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:55:28", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.(CVE-2018-10876)A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)A information disclosure vulnerability in the Upstream kernel encrypted-keys.\n Product: Android. Versions: Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. 
The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed, the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw. (CVE-2021-20261) An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614) An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3.\n There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093) An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815) An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363) An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. 
An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.(CVE-2021-27365)An issue was discovered in the Linux kernel through 5.11.3.\n drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.(CVE-2021-27364)An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276)drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).(CVE-2018-14734)In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171.(CVE-2020-0427)In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-147802478. References: Upstream kernel.(CVE-2020-0466)In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.(CVE-2017-18216)In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.(CVE-2019-19319)In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.(CVE-2017-7482)In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel.(CVE-2020-0404)In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:\n Android kernel. Android ID: A-162844689. References:\n Upstream kernel.(CVE-2020-0465)It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. 
A malicious local attacker could possibly use this for privilege escalation.(CVE-2018-10902)Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.(CVE-2018-10877)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)Linux Kernel contains an out-of-bounds read flaw in the asn1_ber_decoder() function in lib/asn1_decoder.c that is triggered when decoding ASN.1 data. This may allow a remote attacker to disclose potentially sensitive memory contents.(CVE-2018-9383)use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c(CVE-2020-25669)mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.(CVE-2019-6974)The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.(CVE-2019-7221)A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27815)An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.(CVE-2021-28972)A NULL pointer dereference was found in the net/rds/rdma.c\n __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.(CVE-2018-7492)The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.(CVE-2016-3857)The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.(CVE-2017-17741)The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer 
dereference and system crash) via a malformed INIT chunk.(CVE-2014-7841)The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a 'page lock order bug in the XFS seek hole/data implementation.'(CVE-2016-8660)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7841", "CVE-2016-3857", "CVE-2016-8660", "CVE-2017-13305", "CVE-2017-17741", "CVE-2017-18216", "CVE-2017-7482", "CVE-2018-10322", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10902", "CVE-2018-13093", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-7492", "CVE-2018-9383", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-12614", "CVE-2019-19319", "CVE-2019-6974", "CVE-2019-7221", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-25656", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36158", "CVE-2021-20261", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28972", "CVE-2021-3178"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", 
"p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1808.NASL", "href": "https://www.tenable.com/plugins/nessus/149098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149098);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2014-7841\",\n \"CVE-2016-3857\",\n \"CVE-2016-8660\",\n \"CVE-2017-13305\",\n \"CVE-2017-17741\",\n \"CVE-2017-18216\",\n \"CVE-2017-7482\",\n \"CVE-2018-10322\",\n \"CVE-2018-10876\",\n \"CVE-2018-10877\",\n \"CVE-2018-10880\",\n \"CVE-2018-10902\",\n \"CVE-2018-13093\",\n \"CVE-2018-14734\",\n \"CVE-2018-16276\",\n \"CVE-2018-7492\",\n \"CVE-2018-9383\",\n \"CVE-2019-11486\",\n \"CVE-2019-11815\",\n \"CVE-2019-12614\",\n \"CVE-2019-19319\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-25656\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36158\",\n \"CVE-2021-20261\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28972\",\n \"CVE-2021-3178\"\n );\n script_bugtraq_id(\n 71081\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel 
package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A flaw was found in Linux\n kernel in the ext4 filesystem code. A use-after-free is\n possible in ext4_ext_remove_space() function when\n mounting and operating a crafted ext4\n image.(CVE-2018-10876)A flaw was found in the Linux\n kernel. A use-after-free was found in the way the\n console subsystem was using ioctls KDGKBSENT and\n KDSKBSENT. A local user could use this flaw to get read\n memory access out of bounds. The highest threat from\n this vulnerability is to data\n confidentiality.(CVE-2020-25656)A flaw was found in the\n way RTAS handled memory accesses in userspace to kernel\n communication. On a locked down (usually due to Secure\n Boot) guest system running on top of PowerVM or KVM\n hypervisors (pseries platform) a root like local user\n could use this flaw to further increase their\n privileges to that of a running\n kernel.(CVE-2020-27777)A information disclosure\n vulnerability in the Upstream kernel encrypted-keys.\n Product: Android. Versions: Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)A race condition was found\n in the Linux kernels implementation of the floppy disk\n drive controller driver software. The impact of this\n issue is lessened by the fact that the default\n permissions on the floppy device (/dev/fd0) are\n restricted to root. If the permissions on the device\n have changed the impact changes greatly. In the default\n configuration root (or equivalent) permissions are\n required to attack this flaw.(CVE-2021-20261)An issue\n was discovered in dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. 
There is an unchecked kstrdup of\n prop->name, which might allow an attacker to cause a\n denial of service (NULL pointer dereference and system\n crash).(CVE-2019-12614)An issue was discovered in\n fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3.\n There is a NULL pointer dereference and panic in\n lookup_slow() on a NULL inode->i_ops pointer when doing\n pathwalks on a corrupted xfs image. This occurs because\n of a lack of proper validation that cached inodes are\n free during allocation.(CVE-2018-13093)An issue was\n discovered in rds_tcp_kill_sock in net/rds/tcp.c in the\n Linux kernel before 5.0.8. There is a race condition\n leading to a use-after-free, related to net namespace\n cleanup.(CVE-2019-11815)An issue was discovered in the\n Linux kernel through 5.11.3. A kernel pointer leak can\n be used to determine the address of the iscsi_transport\n structure. When an iSCSI transport is registered with\n the iSCSI subsystem, the transport's handle is\n available to unprivileged users via the sysfs file\n system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When\n read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which\n leaks the handle. This handle is actually the pointer\n to an iscsi_transport struct in the kernel module's\n global variables.(CVE-2021-27363)An issue was\n discovered in the Linux kernel through 5.11.3. Certain\n iSCSI data structures do not have appropriate length\n constraints or checks, and can exceed the PAGE_SIZE\n value. 
An unprivileged user can send a Netlink message\n that is associated with iSCSI, and has a length up to\n the maximum length of a Netlink\n message.(CVE-2021-27365)An issue was discovered in the\n Linux kernel through 5.11.3.\n drivers/scsi/scsi_transport_iscsi.c is adversely\n affected by the ability of an unprivileged user to\n craft Netlink messages.(CVE-2021-27364)An issue was\n discovered in yurex_read in drivers/usb/misc/yurex.c in\n the Linux kernel before 4.17.7. Local attackers could\n use user access read/writes with incorrect bounds\n checking in the yurex USB driver to crash the kernel or\n potentially escalate\n privileges.(CVE-2018-16276)drivers/infiniband/core/ucma\n .c in the Linux kernel through 4.17.11 allows\n ucma_leave_multicast to access a certain data structure\n after a cleanup step in ucma_process_join, which allows\n attackers to cause a denial of service\n (use-after-free).(CVE-2018-14734)In create_pinctrl of\n core.c, there is a possible out of bounds read due to a\n use after free. This could lead to local information\n disclosure with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-140550171(CVE-2020-0427)In\n do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege\n with no additional execution privileges needed. 
User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel(CVE-2020-0466)In\n fs/ocfs2/cluster/ nodemanager.c in the Linux kernel\n before 4.15, local users can cause a denial of service\n (NULL pointer dereference and BUG) because a required\n mutex is not used.(CVE-2017-18216)In the Linux kernel\n before 5.2, a setxattr operation, after a mount of a\n crafted ext4 image, can cause a slab-out-of-bounds\n write access because of an ext4_xattr_set_entry\n use-after-free in fs/ext4/xattr.c when a large old_size\n value is used in a memset call, aka\n CID-345c0dbf3a30.(CVE-2019-19319)In the Linux kernel\n before version 4.12, Kerberos 5 tickets decoded when\n using the RXRPC keys incorrectly assumes the size of a\n field. This could lead to the size-remaining variable\n wrapping and the data pointer going over the end of the\n buffer. This could possibly lead to memory corruption\n and possible privilege escalation.(CVE-2017-7482)In\n uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)In various methods of\n hid-multitouch.c, there is a possible out of bounds\n write due to a missing bounds check. This could lead to\n local escalation of privilege with no additional\n execution privileges needed. 
User interaction is not\n needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-162844689References:\n Upstream kernel(CVE-2020-0465)It was found that the raw\n midi kernel driver does not protect against concurrent\n access which leads to a double realloc (double free) in\n snd_rawmidi_input_params() and\n snd_rawmidi_output_status() which are part of\n snd_rawmidi_ioctl() handler in rawmidi.c file. A\n malicious local attacker could possibly use this for\n privilege escalation.(CVE-2018-10902)Linux kernel ext4\n filesystem is vulnerable to an out-of-bound access in\n the ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image.(CVE-2018-10877)Linux\n kernel is vulnerable to a stack-out-of-bounds write in\n the ext4 filesystem code when mounting and writing to a\n crafted ext4 image in ext4_update_inline_data(). An\n attacker could use this to cause a system crash and a\n denial of service.(CVE-2018-10880)Linux Kernel contains\n an out-of-bounds read flaw in the asn1_ber_decoder()\n function in lib/asn1_decoder.c that is triggered when\n decoding ASN.1 data. This may allow a remote attacker\n to disclose potentially sensitive memory\n contents.(CVE-2018-9383)use-after-free read in\n sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)mwifiex_\n cmd_802_11_ad_hoc_start in drivers/\n net/wireless/marvell/mwifiex/join.c in the Linux kernel\n through 5.10.4 might allow remote attackers to execute\n arbitrary code via a long SSID value, aka\n CID-5c455c5ab332.(CVE-2020-36158)fs/ nfsd/ nfs3xdr.c in\n the Linux kernel through 5.10.8, when there is an NFS\n export of a subdirectory of a filesystem, allows remote\n attackers to traverse to other parts of the filesystem\n via READDIRPLUS. 
NOTE: some parties argue that such a\n subdirectory export is not intended to prevent this\n attack see also the exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)In the Linux kernel before\n 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a\n use-after-free.(CVE-2019-6974)The KVM implementation in\n the Linux kernel through 4.20.5 has a\n Use-after-Free.(CVE-2019-7221)A flaw was found in the\n JFS filesystem code. This flaw allows a local attacker\n with the ability to set extended attributes to panic\n the system, causing memory corruption or escalating\n privileges. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-27815)An out-of-bounds (OOB)\n memory access flaw was found in x25_bind in\n net/x25/af_x25.c in the Linux kernel. A bounds check\n failure allows a local attacker with a user account on\n the system to gain access to out-of-bounds memory,\n leading to a system crash or a leak of internal kernel\n information. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-35519)In\n drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. 
This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)A NULL pointer\n dereference was found in the net/rds/rdma.c\n __rds_rdma_map() function in the Linux kernel before\n 4.14.7 allowing local attackers to cause a system panic\n and a denial-of-service, related to RDS_GET_MR and\n RDS_GET_MR_FOR_DEST.(CVE-2018-7492)The Siemens R3964\n line discipline driver in drivers/tty/ n_r3964.c in the\n Linux kernel before 5.0.8 has multiple race\n conditions.(CVE-2019-11486)The kernel in Android before\n 2016-08-05 on Nexus 7 (2013) devices allows attackers\n to gain privileges via a crafted application, aka\n internal bug 28522518.(CVE-2016-3857)The KVM\n implementation in the Linux kernel through 4.14.7\n allows attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio\n stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and\n include/trace/events/kvm.h.(CVE-2017-17741)The\n sctp_process_param function in net/sctp/sm_make_chunk.c\n in the SCTP implementation in the Linux kernel before\n 3.17.4, when ASCONF is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a malformed INIT\n chunk.(CVE-2014-7841)The XFS subsystem in the Linux\n kernel through 4.8.2 allows local users to cause a\n denial of service (fdatasync failure and system hang)\n by using the vfs syscall group in the trinity program,\n related to a 'page lock order bug in the XFS seek\n hole/data implementation.'(CVE-2016-8660)The\n xfs_dinode_verify function in\n fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel\n through 4.16.3 allows local users to cause a denial of\n service (xfs_ilock_attr_map_shared invalid pointer\n dereference) via a crafted xfs image.(CVE-2018-10322)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1808\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4aedd469\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h323\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h323\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h323\",\n \"kernel-devel-3.10.0-514.44.5.10.h323\",\n 
\"kernel-headers-3.10.0-514.44.5.10.h323\",\n \"kernel-tools-3.10.0-514.44.5.10.h323\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h323\",\n \"perf-3.10.0-514.44.5.10.h323\",\n \"python-perf-3.10.0-514.44.5.10.h323\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:57", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1988 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: 
out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)\n\n - kernel: possible leak or corruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io (CVE-2021-4093)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 
implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4093", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", 
"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161047", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1988. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161047);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1988\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1988 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new 
DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients\n (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io (CVE-2021-4093)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c\n leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: 
Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS\n via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes\n (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-4788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3612\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26401\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901726\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1985353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2004949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2013180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2017073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2018205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025003\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2028584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2029923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2035652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2036934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2042822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064855\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 125, 129, 190, 200, 252, 284, 287, 327, 330, 354, 362, 400, 401, 416, 459, 476, 681, 787, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-4788', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4093', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-21781', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 
'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:1988');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 
'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 
'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 
'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-zfcpdump-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 
'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 
'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.9.1.el8', 'cpu':'s390x', 
'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n 
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:18", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory.\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 
(CVE-2021-3612)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3743)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. 
(CVE-2021-4083)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. 
(CVE-2021-3773)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel (CVE-2020-0404)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. 
(CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154177719. References:\n Upstream kernel (CVE-2021-0941)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. 
(CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. 
(CVE-2021-3744)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2019-18808", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", 
"p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161305", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-1988.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161305);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security 
updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-1988 advisory.\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system\n crash or a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. 
(CVE-2021-3743)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. 
(CVE-2021-44733)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint\n information for further use in traditional network attacks. (CVE-2021-3773)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. 
It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. 
User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66\n and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read\n the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's\n memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222\n 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. 
(CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local\n denial of service. (CVE-2022-0286)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. 
(CVE-2021-42739)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-1988.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-372.9.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-1988');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this 
advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:19", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1988 advisory.\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154177719. References:\n Upstream kernel (CVE-2021-0941)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3743)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar to the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. 
(CVE-2021-3772)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. (CVE-2021-3773)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. 
(CVE-2021-4203)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. (CVE-2021-20322)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222, 4.19.177, 5.4.99, 5.10.17, 5.11 (CVE-2021-21781)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. 
This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 
(CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2019-18808", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2022-05-18T00:00:00", "cpe": 
["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161093", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:1988.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n 
script_xref(name:\"ALSA\", value:\"2022:1988\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:1988 advisory.\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. 
User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system\n crash or a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-3743)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. 
(CVE-2021-3772)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint\n information for further use in traditional network attacks. (CVE-2021-3773)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. 
(CVE-2021-4203)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66\n and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read\n the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's\n memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222\n 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. 
This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. 
(CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local\n denial of service. (CVE-2022-0286)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-1988.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-4788', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-21781', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 
'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:1988');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-21T14:55:28", "description": "According to the versions of the kernel packages installed, the EulerOS installation 
on the remote host is affected by the following vulnerabilities:\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0466)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDI