CVE-2020-15437

2020-11-23T21:15:00

Description

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.

Affected Software

CPE Name	Name	Version
linux:linux_kernel	linux linux kernel	5.8

{"id": "CVE-2020-15437", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-15437", "description": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.", "published": "2020-11-23T21:15:00", "modified": "2020-12-02T19:24:00", "epss": [{"cve": "CVE-2020-15437", "epss": 0.00042, "percentile": 0.05731, "modified": "2023-12-02"}], "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15437", "reporter": "securities@openeuler.org", "references": ["https://lkml.org/lkml/2020/7/21/80"], "cvelist": ["CVE-2020-15437"], "immutableFields": [], "lastseen": "2023-12-02T15:31:14", "viewCount": 168, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1578"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:3633"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15437"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-1578.NASL", "CENTOS8_RHSA-2021-1578.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-2040.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-14630-1.NASL", "UBUNTU_USN-4752-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-1578", "ELSA-2021-9005", "ELSA-2021-9008"]}, {"type": "photon", "idList": ["PHSA-2020-0127", "PHSA-2020-0321", "PHSA-2020-3.0-0127"]}, {"type": "prion", "idList": ["PRION:CVE-2020-15437"]}, {"type": "redhat", "idList": ["RHSA-2021:1578", "RHSA-2021:1739", "RHSA-2021:2121", "RHSA-2021:2136"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15437"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["USN-4752-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15437"]}, {"type": "veracode", "idList": ["VERACODE:30573"]}]}, "score": {"value": 5.0, "uncertanity": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1578"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15437"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/UBUNTU-CVE-2020-28588/"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-1578.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1311.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-14630-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-1578", "ELSA-2021-9005", "ELSA-2021-9008"]}, {"type": "photon", "idList": ["PHSA-2020-3.0-0127"]}, {"type": "redhat", "idList": ["RHSA-2021:1578"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15437"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["USN-4752-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15437"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}]}, "epss": [{"cve": "CVE-2020-15437", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}], "short_description": " Linux kernel before version 5.8, NULL pointer dereference vulnerability in serial8250_isa_init_ports(", "tags": ["linux kernel", "vulnerability", "null pointer", "serial8250_isa_init_ports", "nvd", "cve-2020-15437"], "vulnersScore": 5.0}, "_state": {"dependencies": 1701535145, "score": 1701533623, "affected_software_major_version": 0, "epss": 0, "chatgpt": 0}, "_internal": {"score_hash": "c8c3c5add73436e2342b80b195f2ce32", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "openEuler", "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-476"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.8", "operator": "lt", "name": "linux linux kernel"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.8:*:*:*:*:*:*:*", "versionEndExcluding": "5.8", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://lkml.org/lkml/2020/7/21/80", "name": "https://lkml.org/lkml/2020/7/21/80", "refsource": "MISC", "tags": ["Exploit", "Patch", "Vendor Advisory"]}], "product_info": [{"vendor": "Linux", "product": "Linux_kernel"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "NULL Pointer Dereference", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "2020-06-30T00:00:00"}

{"redhatcve": [{"lastseen": "2023-12-02T17:39:59", "description": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s UART 8250 functionality, in the way certain hardware architectures handled situations where default ports (0x2E8, 0x2F8, 0x3E8, 0x3F8) are not available. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-24T16:32:03", "type": "redhatcve", "title": "CVE-2020-15437", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15437"], "modified": "2023-04-06T07:52:47", "id": "RH:CVE-2020-15437", "href": "https://access.redhat.com/security/cve/cve-2020-15437", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "veracode": [{"lastseen": "2022-07-26T16:36:26", "description": "kernel is vulnerable to denial of service. A NULL pointer dereference in `drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports()` allows local users to cause a denial of service by using the `p->serial_in` pointer which is uninitialized. \n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-20T15:28:51", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15437"], "modified": "2022-04-19T18:13:48", "id": "VERACODE:30573", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30573/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "prion": [{"lastseen": "2023-11-22T01:21:52", "description": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-23T21:15:00", "type": "prion", "title": "Null pointer dereference", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15437"], "modified": "2020-12-02T19:24:00", "id": "PRION:CVE-2020-15437", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-15437", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cbl_mariner": [{"lastseen": "2023-12-02T20:18:18", "description": "CVE-2020-15437 affecting package kernel 5.4.91-6. A patched version of the package is available.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-29T07:40:05", "type": "cbl_mariner", "title": "CVE-2020-15437 affecting package kernel 5.4.91-6", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15437"], "modified": "2021-01-29T07:40:05", "id": "CBLMARINER:3633", "href": "", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-12-02T18:27:20", "description": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-23T21:15:00", "type": "debiancve", "title": "CVE-2020-15437", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15437"], "modified": "2020-11-23T21:15:00", "id": "DEBIANCVE:CVE-2020-15437", "href": "https://security-tracker.debian.org/tracker/CVE-2020-15437", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-02T14:14:39", "description": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer\ndereference in\ndrivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows\nlocal users to cause a denial of service by using the p->serial_in pointer\nwhich uninitialized.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2020-15437", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15437"], "modified": "2020-11-23T00:00:00", "id": "UB:CVE-2020-15437", "href": "https://ubuntu.com/security/CVE-2020-15437", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:26:29", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n\n - kABI workaround for usermodehelper changes (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n\n - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).", "cvss3": {}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-27777", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2193.NASL", "href": "https://www.tenable.com/plugins/nessus/143542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143542);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-27777\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)\");\n script_summary(english:\"Check for the openSUSE-2020-2193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c where uninitialized\n memory leaks to userspace, aka CID-bcf85fcedfdd\n (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in\n fs/block_dev.c allowed local users to gain privileges or\n cause a denial of service by leveraging improper access\n to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with\n access_ok() is not checked was discovered in\n i915_gem_execbuffer2_ioctl in\n drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a\n local attacker can craft a malicious IOCTL function call\n to overwrite arbitrary kernel memory, resulting in a\n Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_\n ports() that allowed local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace\n (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could\n be used by local attackers to read privileged\n information or potentially crash the kernel, aka\n CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese\n Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ\n (git-fixes).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from\n struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs\n (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed\n (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list\n (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats\n (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace\n (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop\n (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock\n (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table\n (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window\n (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN\n warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system\n (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and\n unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio\n (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on\n shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual\n address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush\n (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast\n traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start\n (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma\n mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling\n (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed\n (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow\n (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset\n and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux\n (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during\n device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to\n ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params\n mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey\n (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol\n (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the\n HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order\n (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps\n (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state\n (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to\n the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during\n invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page\n fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP\n MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg\n failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users\n (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes\n (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in\n mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send()\n (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup()\n (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down\n (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow\n (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during\n open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed\n (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open()\n (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad\n (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add()\n (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class\n (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation\n (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for\n UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value\n (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in\n guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration\n (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in\n KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier\n maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE\n vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config\n (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while\n polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task\n (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of\n pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in\n bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in\n cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens\n (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info\n (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route\n error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while\n finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init\n failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup\n (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on\n kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size\n (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read\n (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy\n (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD\n object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address\n (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared\n ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented\n resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN\n (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq()\n (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried\n (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference\n (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()\n (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop()\n (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces\n (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure\n case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference\n (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock\n (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in\n ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded\n value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP\n (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by\n simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an\n implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing\n flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields'\n (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE\n (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ\n (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call\n (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some\n netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in\n pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in\n ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr\n (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON()\n (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before\n calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports\n (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with\n IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair\n attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to\n kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets\n in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface\n has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is\n posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param\n assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param()\n (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma()\n (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB\n devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL\n (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling\n (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent\n docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator\n (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm\n layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR\n when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove\n (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create\n AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr\n (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in\n ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable\n authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - Update references in\n patches.suse/net-smc-tolerate-future-smcd-versions\n (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API\n (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration\n (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings\n (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time\n (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with\n ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance\n (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation\n (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects\n (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from\n global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol\n (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and\n write (bsc#1178897). Needed as a prep patch for further\n improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation\n (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in\n sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry\n creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access\n (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache()\n (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe\n pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept\n (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts\n (bsc#1111666)\n\n - kABI workaround for usermodehelper changes\n (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402\n jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal\n (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set\n pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close\n (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460\n jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering\n (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery\n (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER\n handling (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in\n nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init()\n (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value\n usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in\n arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start()\n (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on\n HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages\n on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number\n (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads\n (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808\n LTC#188739).\n\n - s390: kernel/uv: handle length extension properly\n (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE\n tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git\n tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands\n (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk()\n (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in\n tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing\n hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing\n user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect\n (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is\n not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant\n BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped\n width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:13", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143633);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203718-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8809a5f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3718=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:36", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3715-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3715-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143619);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-8694\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3715-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-8694: Insufficient access control for some Intel(R)\nProcessors may have allowed an authenticated user to potentially\nenable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203715-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cde116d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3715=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:15", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3717-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3717-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143860);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203717-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9106a420\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3717=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:31:44", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29369: There was a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bnc#1179432).\n\n - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c, where uninitialized memory could leak to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n\n - CVE-2020-25705: A flaw in the way reply ICMP packets are limited was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restricted RTAS requests from userspace (bsc#1179107). \n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\n - CVE-2020-28941: Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once (bnc#1178740).\n\n - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886).\n\n - CVE-2020-25669: Avoid a use-after-free in teardown paths in sunkbd (bsc#1178182).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Add bug reference to two hv_netvsc patches (bsc#1178853).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family type (bsc#1179001).\n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n\n - Revert 'cdc-acm: hardening against malicious devices' (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).\n\n - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n\n - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n\n - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n\n - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n\n - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right context (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - clk: define to_clk_regmap() as inline function (git-fixes).\n\n - cosa: Add missing kfree in error path of cosa_write (git-fixes).\n\n - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n\n - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n\n - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n\n - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n\n - efi/efivars: Set generic ops before loading SSDT (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n\n - efi: efibc: check for efivars write capability (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n\n - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - i2c: mediatek: move dma reset before i2c reset (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n\n - intel_idle: Customize IceLake server support (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop symlinks (bsc#1179082)\n\n - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n\n - lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n\n - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n\n - mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n\n - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n\n - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n\n - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings (bsc#1177397).\n\n - net: ena: Remove redundant print of placement policy (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (bsc#1174852).\n\n - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n\n - nvme: do not update disk info for multipathed device (bsc#1171558).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n\n - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n\n - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n\n - reboot: fix overflow parsing reboot cpu number (git-fixes).\n\n - regulator: avoid resolve_supply() infinite recursion (git-fixes).\n\n - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators (git-fixes).\n\n - rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git-fixes).\n\n - timer: Prevent base->clk from moving backward (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - usb: core: driver: fix stray tabs in error messages (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions (git-fixes).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).", "cvss3": {}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2161.NASL", "href": "https://www.tenable.com/plugins/nessus/143523", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2161.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143523);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-4788\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2161)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29369: There was a race condition between\n certain expand functions (expand_downwards and\n expand_upwards) and page-table free operations from an\n munmap call, aka CID-246c320a8cfe (bnc#1173504\n bnc#1179432).\n\n - CVE-2020-29371: An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c, where\n uninitialized memory could leak to userspace, aka\n CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in\n fs/block_dev.c allowed local users to gain privileges or\n cause a denial of service by leveraging improper access\n to a certain error field (bnc#1179141).\n\n - CVE-2020-25705: A flaw in the way reply ICMP packets are\n limited was found that allowed to quickly scan open UDP\n ports. This flaw allowed an off-path remote user to\n effectively bypassing source port UDP randomization. The\n highest threat from this vulnerability is to\n confidentiality and possibly integrity, because software\n that relies on UDP source port randomization are\n indirectly affected as well. Kernel versions may be\n vulnerable to this issue (bnc#1175721 bnc#1178782).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_\n ports() that allowed local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restricted RTAS requests from userspace\n (bsc#1179107). \n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could\n be used by local attackers to read privileged\n information or potentially crash the kernel, aka\n CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height (bnc#1178589).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n - CVE-2020-28941: Local attackers on systems with the\n speakup driver could cause a local denial of service\n attack, aka CID-d41227544427. This occurs because of an\n invalid free when the line discipline is used more than\n once (bnc#1178740).\n\n - CVE-2020-28915: A buffer over-read (at the framebuffer\n layer) in the fbcon code could be used by local\n attackers to read kernel memory, aka CID-6735b4632def\n (bnc#1178886).\n\n - CVE-2020-25669: Avoid a use-after-free in teardown paths\n in sunkbd (bsc#1178182).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T\n (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad\n Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP\n (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after\n boot (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the\n ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda\n controllers (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when\n in D3 (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB\n devices (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Add bug reference to two hv_netvsc patches\n (bsc#1178853).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - Documentation/admin-guide/module-signing.rst: add\n openssl command option example for CodeSign EKU\n (bsc#1177353, bsc#1179076).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm\n (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers\n (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address\n Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early\n (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more\n than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global\n (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family\n type (bsc#1179001).\n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs\n (bsc#1179001).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201)\n CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it\n as module.\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a\n MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Fix an error in\n mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a\n builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2\n (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe()\n (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on\n IIO_BUFFER (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return\n SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - NFSv4.x recover from pre-mature loss of openstateid\n (bsc#1176180).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP\n (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying\n qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device\n supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz()\n (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace\n deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a\n destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (git-fixes).\n\n - Revert 'cdc-acm: hardening against malicious devices'\n (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (git-fixes).\n\n - SUNRPC: Fix general protection fault in\n trace_rpc_xdr_overflow() (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1154353).\n\n - USB: Add NO_LPM quirk for Kingston flash drive\n (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px\n (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203,\n 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support\n (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055\n (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs\n (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs\n (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX\n delay (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII\n RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII\n RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent\n (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating\n point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC\n (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property\n (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string\n for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined\n instructions (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210\n SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error\n is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic()\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in\n bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in\n bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp\n (git-fixes).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to\n disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper\n bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element\n (bsc#1155518).\n\n - btrfs: fix bytes_may_use underflow in prealloc error\n condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads\n to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate\n (bsc#1179217).\n\n - btrfs: remove item_size member of struct\n btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more\n generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic\n name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more\n generic name (bsc#1179217).\n\n - can: af_can: prevent potential access of uninitialized\n member in can_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized\n member in canfd_rcv() (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right\n context (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing\n 'req_bit' to stop mode property comment (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming\n limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state\n change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init\n mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb,\n then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift\n of a int (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it\n is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug\n (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument\n (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - clk: define to_clk_regmap() as inline function\n (git-fixes).\n\n - cosa: Add missing kfree in error path of cosa_write\n (git-fixes).\n\n - dax: Fix stack overflow when mounting fsdax pmem device\n (bsc#1171073).\n\n - dax: fix detection of dax support for non-persistent\n memory block devices (bsc#1171073).\n\n - devlink: Make sure devlink instance and port are in same\n net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry\n (git-fixes).\n\n - drbd: code cleanup by using sendpage_ok() to check page\n for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc\n (bsc#1177397).\n\n - efi/efivars: Set generic ops before loading SSDT\n (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build\n regression (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode\n runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode\n (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages\n in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi: add missed destroy_workqueue when efisubsys_init\n fails (git-fixes).\n\n - efi: efibc: check for efivars write capability\n (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into\n linux/font.h (git-fixes).\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context\n (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in\n put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state\n correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking\n (git-fixes).\n\n - hv: clocksource: Add notrace attribute to\n read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs\n (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature\n flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - i2c: mediatek: move dma reset before i2c reset\n (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps\n (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035\n (git-fixes).\n\n - intel_idle: Customize IceLake server support\n (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync\n (git-fixes).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality,\n bsc#1178426).\n\n - kernel-source.spec: Fix build with rpm 4.16\n (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop\n symlinks (bsc#1179082)\n\n - kernel/watchdog: fix watchdog_allowed_mask not used\n warning (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract\n (MM Functionality, bsc#1178426).\n\n - kgdb: Fix spurious true from in_dbg_master()\n (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from\n timer_fn when it is being canceled (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx\n mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log\n warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some\n platforms (git-fixes).\n\n - lib/crc32test: remove extra local_irq_disable/enable\n (git-fixes).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL\n terminator (bsc#1155518).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits\n (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage()\n (bsc#1172873).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header\n (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case\n (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code\n (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference\n (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ\n (git-fixes).\n\n - mm, THP, swap: fix allocating cluster for swapfile by\n mistake (bsc#1178755).\n\n - mm, memcg: fix inconsistent oom event behavior\n (bsc#1178659).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git\n fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding\n (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page\n is enabled (git fixes (mm/ksm)).\n\n - mm/memcg: fix refcount error while moving and swapping\n (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb\n switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM\n Functionality, bsc#1178426).\n\n - mm: mempolicy: require at least one nodeid for\n MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm: swap: make page_evictable() inline (git fixes\n (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit\n set (git fixes (mm/vmscan)).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free()\n at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection\n erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode\n for BYT-based Intel controllers (git-fixes).\n\n - modsign: Add codeSigning EKU when generating X.509 key\n generation config (bsc#1177353, bsc#1179076).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if\n qos disabled (jsc#SLE-8464).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper\n zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code\n readability (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names\n (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all\n files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function\n (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings\n (bsc#1177397).\n\n - net: ena: Remove redundant print of placement policy\n (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics\n (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues\n (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit\n resolution (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (bsc#1174852).\n\n - net: ena: xdp: add queue counters for xdp actions\n (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next\n (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in\n include/linux/net.h (bsc#1172873).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition\n (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - nvme-tcp: check page by sendpage_ok() before calling\n kernel_sendpage() (bsc#1172873).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular\n value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at\n wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs\n kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc/perf: consolidate GPCI hcall structs into\n asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: Use doorbells even if XIVE is available\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/vnic: Extend 'failover pending' window\n (bsc#1176855 ltc#187293).\n\n - powerpc: Inline doorbell sending functions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM\n Functionality, bsc#1178426).\n\n - qla2xxx: Add MODULE_VERSION back to driver\n (bsc#1179160).\n\n - reboot: fix overflow parsing reboot cpu number\n (git-fixes).\n\n - regulator: avoid resolve_supply() infinite recursion\n (git-fixes).\n\n - regulator: fix memory leak with repeated\n set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to\n pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on\n the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators\n (git-fixes).\n\n - rfkill: Fix use-after-free in rfkill_resume()\n (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions\n between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords\n (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: avoid using more barewords\n (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep\n (bsc#1179045)\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe\n calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We\n want to use 64bit kernel due to various bugs\n (bsc#1178762 to name one).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size\n (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests\n (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey\n static build (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070\n LTC#188342).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066\n LTC#188341).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git\n fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list\n (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi\n (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in\n iscsi_tcp_segment_map() (bsc#1172873).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage\n (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in\n ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails\n in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level\n (git-fixes).\n\n - timer: Prevent base->clk from moving backward\n (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file\n for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s\n (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16\n words, like LS1028A (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support\n (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device()\n (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - usb: core: driver: fix stray tabs in error messages\n (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe\n (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - virtio: virtio_console: fix DMA memory allocation for\n rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock\n (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks\n (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap\n fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting\n shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions\n (git-fixes).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in\n xchk_bmap_get_rmapextents (git-fixes).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.54.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:32:33", "description": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25705: Fixed A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n\nCVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3764-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3764-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144143", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3764-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144143);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-4788\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3764-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25705: Fixed A flaw in the way reply ICMP packets are limited\nin was found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with\nthe speakup driver could cause a local denial of service attack\n(bsc#1178740).\n\nCVE-2020-29369: Fixed a race condition between certain expand\nfunctions (expand_downwards and expand_upwards) and page-table free\noperations from an munmap call, aka CID-246c320a8cfe (bnc#1173504\nbsc#1179432).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28941/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29369/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203764-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc5e9fd6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-3764=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:36", "description": "The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3798-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3798-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-20934\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-25669\", \"CVE-2020-27777\", \"CVE-2020-27786\", \"CVE-2020-28915\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20934/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27786/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-4788/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203798-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84d49865\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3798=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:29:54", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\n - CVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\n - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\n - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\n - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\n - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\n - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\n - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\n - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\n - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n\n - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\n - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n\n - Add bug reference to two hv_netvsc patches (bsc#1178853).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n\n - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n\n - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n\n - btrfs: Account for merged patches upstream Move below patches to sorted section.\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n\n - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n\n - btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n\n - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right context (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - clk: define to_clk_regmap() as inline function (git-fixes).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - cosa: Add missing kfree in error path of cosa_write (git-fixes).\n\n - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n\n - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n\n - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_pol l.patch (bsc#1179419)\n\n - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n\n - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n\n - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.\n\n - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). \n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n\n - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n\n - efi: efibc: check for efivars write capability (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi/efivars: Set generic ops before loading SSDT (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find() (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n\n - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n\n - i2c: mediatek: move dma reset before i2c reset (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n\n - intel_idle: Customize IceLake server support (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n\n - kernel-(binary,source).spec.in: do not create loop symlinks (bsc#1179082)\n\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install\n\n - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n\n - lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: platform: Improve queue set up flow for bug fixing (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n\n - mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n\n - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n\n - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n\n - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n\n - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (bsc#1174852).\n\n - net: ena: Remove redundant print of placement policy (bsc#1177397).\n\n - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n\n - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n\n - nvme: do not update disk info for multipathed device (bsc#1171558).\n\n - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n\n - p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n\n - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n\n - power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n\n - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n\n - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n\n - reboot: fix overflow parsing reboot cpu number (git-fixes).\n\n - Refresh patches.suse/vfs-add-super_operations-get_inode_dev.\n (bsc#1176983) \n\n - regulator: avoid resolve_supply() infinite recursion (git-fixes).\n\n - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n\n - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators (git-fixes).\n\n - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. \n\n - Revert 'cdc-acm: hardening against malicious devices' (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).\n\n - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550).\n\n - rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger\n -<dimstar@opensuse.org>\n\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter:\n ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e.\n merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n\n - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git-fixes).\n\n - timer: Prevent base->clk from moving backward (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n\n - uio: free uio id after uio file node is freed (git-fixes).\n\n - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - USB: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px (git-fixes).\n\n - USB: core: driver: fix stray tabs in error messages (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n\n - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n\n - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n\n - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n\n - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n\n - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n\n - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: prohibit fs freezing when using empty transactions (bsc#1179442).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n\n - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).\n\nkernel-default-base fixes the following issues :\n\n - Add wireguard kernel module (bsc#1179225)\n\n - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-12-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2260.NASL", "href": "https://www.tenable.com/plugins/nessus/144313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2260.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144313);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-4788\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2260)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-15436: Fixed a use after free vulnerability in\n fs/block_dev.c which could have allowed local users to\n gain privileges or cause a denial of service\n (bsc#1179141).\n\n - CVE-2020-15437: Fixed a NULL pointer dereference which\n could have allowed local users to cause a denial of\n service(bsc#1179140).\n\n - CVE-2020-25668: Fixed a concurrency use-after-free in\n con_font_op (bsc#1178123).\n\n - CVE-2020-25669: Fixed a use-after-free read in\n sunkbd_reinit() (bsc#1178182).\n\n - CVE-2020-25704: Fixed a leak in\n perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace\n (bsc#1179107)\n\n - CVE-2020-28915: Fixed a buffer over-read in the fbcon\n code which could have been used by local attackers to\n read kernel memory (bsc#1178886).\n\n - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon\n which could have been used by local attackers to read\n privileged information or potentially crash the kernel\n (bsc#1178589).\n\n - CVE-2020-29371: Fixed uninitialized memory leaks to\n userspace (bsc#1179429).\n\n - CVE-2020-25705: Fixed an issue which could have allowed\n to quickly scan open UDP ports. This flaw allowed an\n off-path remote user to effectively bypassing source\n port UDP randomization (bsc#1175721).\n\n - CVE-2020-28941: Fixed an issue where local attackers on\n systems with the speakup driver could cause a local\n denial of service attack (bsc#1178740).\n\n - CVE-2020-4788: Fixed an issue with IBM Power9 processors\n could have allowed a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances (bsc#1177666).\n\n - CVE-2020-29369: Fixed a race condition between certain\n expand functions (expand_downwards and expand_upwards)\n and page-table free operations from an munmap call, aka\n CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T\n (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - Add bug reference to two hv_netvsc patches\n (bsc#1178853).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when\n in D3 (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the\n ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad\n Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP\n (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420\n (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be\n detected (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after\n boot (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda\n controllers (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB\n devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII\n RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII\n RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX\n delay (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent\n (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating\n point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC\n (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property\n (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string\n for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined\n instructions (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs\n (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs\n (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210\n SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly\n (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup\n function (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly\n (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error\n is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic()\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in\n bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in\n bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp\n (git-fixes).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally\n (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to\n disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper\n bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element\n (bsc#1155518).\n\n - btrfs: Account for merged patches upstream Move below\n patches to sorted section.\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: fix bytes_may_use underflow in prealloc error\n condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads\n to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate\n (bsc#1179217).\n\n - btrfs: remove item_size member of struct\n btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more\n generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic\n name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more\n generic name (bsc#1179217).\n\n - btrfs: reschedule if necessary when logging directory\n items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when\n processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after\n orphanization of a directory (bsc#1178581).\n\n - can: af_can: prevent potential access of uninitialized\n member in canfd_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized\n member in can_rcv() (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right\n context (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup\n completely (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing\n 'req_bit' to stop mode property comment (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk\n for LS1021A (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming\n limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state\n change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init\n mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb,\n then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift\n of a int (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it\n is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug\n (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument\n (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - clk: define to_clk_regmap() as inline function\n (git-fixes).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - cosa: Add missing kfree in error path of cosa_write\n (git-fixes).\n\n - dax: fix detection of dax support for non-persistent\n memory block devices (bsc#1171073).\n\n - dax: Fix stack overflow when mounting fsdax pmem device\n (bsc#1171073).\n\n - Delete\n patches.suse/fs-select.c-batch-user-writes-in-do_sys_pol\n l.patch (bsc#1179419)\n\n - devlink: Make sure devlink instance and port are in same\n net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry\n (git-fixes).\n\n - Documentation/admin-guide/module-signing.rst: add\n openssl command option example for CodeSign EKU\n (bsc#1177353, bsc#1179076).\n\n - Do not create null.i000.ipa-clones file (bsc#1178330)\n Kbuild cc-option compiles /dev/null file to test for an\n option availability. Filter out -fdump-ipa-clones so\n that null.i000.ipa-clones file is not generated in the\n process.\n\n - drbd: code cleanup by using sendpage_ok() to check page\n for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc\n (bsc#1177397).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs\n (git-fixes).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm\n (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers\n (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address\n Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early\n (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more\n than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global\n (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family\n type (bsc#1179001). \n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs\n (bsc#1179001).\n\n - efi: add missed destroy_workqueue when efisubsys_init\n fails (git-fixes).\n\n - efi: efibc: check for efivars write capability\n (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi/efivars: Set generic ops before loading SSDT\n (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build\n regression (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode\n runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode\n (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages\n in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems\n (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector()\n (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find()\n (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path\n (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in\n exfat_find_dir_entry() (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into\n linux/font.h (git-fixes).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201)\n CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it\n as module.\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context\n (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in\n put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state\n correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking\n (git-fixes).\n\n - HID: logitech-dj: Fix an error in\n mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a\n MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a\n builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2\n (git-fixes).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - hv: clocksource: Add notrace attribute to\n read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs\n (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature\n flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old\n framebuffer (bsc#1175306).\n\n - i2c: mediatek: move dma reset before i2c reset\n (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps\n (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035\n (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe()\n (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on\n IIO_BUFFER (git-fixes).\n\n - intel_idle: Customize IceLake server support\n (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync\n (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality,\n bsc#1178426).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract\n (MM Functionality, bsc#1178426).\n\n - kernel-(binary,source).spec.in: do not create loop\n symlinks (bsc#1179082)\n\n - kernel-source.spec: Fix build with rpm 4.16\n (boo#1179015). RPM_BUILD_ROOT is cleared before\n %%install. Do the unpack into RPM_BUILD_ROOT in\n %%install\n\n - kernel/watchdog: fix watchdog_allowed_mask not used\n warning (git-fixes).\n\n - kgdb: Fix spurious true from in_dbg_master()\n (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from\n timer_fn when it is being canceled (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return\n SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx\n mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log\n warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some\n platforms (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits\n (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage()\n (bsc#1172873).\n\n - lib/crc32test: remove extra local_irq_disable/enable\n (git-fixes).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL\n terminator (bsc#1155518).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header\n (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case\n (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code\n (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list\n iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having\n any effect (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference\n (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ\n (git-fixes).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free()\n at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection\n erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode\n for BYT-based Intel controllers (git-fixes).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb\n switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM\n Functionality, bsc#1178426).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git\n fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding\n (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page\n is enabled (git fixes (mm/ksm)).\n\n - mm, memcg: fix inconsistent oom event behavior\n (bsc#1178659).\n\n - mm/memcg: fix refcount error while moving and swapping\n (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: mempolicy: require at least one nodeid for\n MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon\n (git-fixes).\n\n - mm: swap: make page_evictable() inline (git fixes\n (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit\n set (git fixes (mm/vmscan)).\n\n - mm, THP, swap: fix allocating cluster for swapfile by\n mistake (bsc#1178755).\n\n - modsign: Add codeSigning EKU when generating X.509 key\n generation config (bsc#1177353, bsc#1179076).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper\n zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code\n readability (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all\n files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function\n (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names\n (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics\n (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues\n (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit\n resolution (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings\n (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (bsc#1174852).\n\n - net: ena: Remove redundant print of placement policy\n (bsc#1177397).\n\n - net: ena: xdp: add queue counters for xdp actions\n (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next\n (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in\n include/linux/net.h (bsc#1172873). kABI workaround for\n including mm.h in include/linux/net.h (bsc#1172873).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if\n qos disabled (jsc#SLE-8464).\n\n - net: mscc: ocelot: fix race condition with TX\n timestamping (bsc#1178461).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition\n (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4.x recover from pre-mature loss of openstateid\n (bsc#1176180).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - nvme-tcp: check page by sendpage_ok() before calling\n kernel_sendpage() (bsc#1172873).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power\n managed by ACPI (git-fixes).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular\n value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at\n wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on\n link removal (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs\n kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc: Inline doorbell sending functions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/perf: consolidate GPCI hcall structs into\n asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pseries: Use doorbells even if XIVE is available\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM\n Functionality, bsc#1178426).\n\n - powerpc/vnic: Extend 'failover pending' window\n (bsc#1176855 ltc#187293).\n\n - power: supply: bq27xxx: report 'not charging' on all\n types (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - qla2xxx: Add MODULE_VERSION back to driver\n (bsc#1179160).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP\n (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying\n qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device\n supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz()\n (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace\n deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a\n destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (git-fixes).\n\n - reboot: fix overflow parsing reboot cpu number\n (git-fixes).\n\n - Refresh\n patches.suse/vfs-add-super_operations-get_inode_dev.\n (bsc#1176983) \n\n - regulator: avoid resolve_supply() infinite recursion\n (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - regulator: fix memory leak with repeated\n set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to\n pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on\n the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators\n (git-fixes).\n\n - Restore the header of series.conf The header of\n series.conf was accidentally changed by abb50be8e6bc\n '(kABI: revert use_mm name change (MM Functionality,\n bsc#1178426))'. \n\n - Revert 'cdc-acm: hardening against malicious devices'\n (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (git-fixes).\n\n - Revert 'xfs: complain if anyone tries to create a\n too-large buffer' (bsc#1179425, bsc#1179550).\n\n - rfkill: Fix use-after-free in rfkill_resume()\n (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions\n between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords\n (bsc#1179014) Author: Dominique Leuenberger\n -<dimstar@opensuse.org>\n\n - rpm/kernel-binary.spec.in: avoid using more barewords\n (bsc#1179014) %split_extra still contained two.\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep\n (bsc#1179045) egrep is only a deprecated bash wrapper\n for 'grep -E'. So use the latter instead.\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe\n calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We\n want to use 64bit kernel due to various bugs\n (bsc#1178762 to name one). There is: ExportFilter:\n ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory's\n prjconf now. No other actively maintained distro (i.e.\n merging packaging branch) builds a x86_32 kernel, hence\n pushing to packaging directly.\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size\n (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests\n (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey\n static build (git-fixes).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066\n LTC#188341).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070\n LTC#188342).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git\n fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list\n (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi\n (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in\n iscsi_tcp_segment_map() (bsc#1172873).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1154353).\n\n - SUNRPC: Fix general protection fault in\n trace_rpc_xdr_overflow() (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage\n (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in\n ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails\n in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level\n (git-fixes).\n\n - timer: Prevent base->clk from moving backward\n (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file\n for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s\n (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support\n (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16\n words, like LS1028A (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device()\n (git-fixes).\n\n - uio: free uio id after uio file node is freed\n (git-fixes).\n\n - USB: Add NO_LPM quirk for Kingston flash drive\n (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - USB: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px\n (git-fixes).\n\n - USB: core: driver: fix stray tabs in error messages\n (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - USB: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - USB: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - USB: gadget: goku_udc: fix potential crashes in probe\n (git-fixes).\n\n - USB: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race\n (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203,\n 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support\n (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055\n (git-fixes).\n\n - USB: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - USB: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - USB: xhci: omit duplicate actions when suspending a\n runtime suspended host (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from\n Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for\n Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on\n HyperV Gen 1 VMs (bsc#1175306).\n\n - virtio: virtio_console: fix DMA memory allocation for\n rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock\n (git-fixes).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot\n params (bsc#1175306).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: complain if anyone tries to create a too-large\n buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks\n (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap\n fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting\n shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions\n (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt\n device (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: prohibit fs freezing when using empty transactions\n (bsc#1179442).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in\n xchk_bmap_get_rmapextents (git-fixes).\n\n - xfs: set xefi_discard when creating a deferred agfl free\n log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the\n end of the page cache (bsc#1166166).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe\n (git-fixes).\n\nkernel-default-base fixes the following issues :\n\n - Add wireguard kernel module (bsc#1179225)\n\n - Create the list of crypto kernel modules dynamically,\n supersedes hardcoded list of crc32 implementations\n (bsc#1177577)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179550\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-default-base / kernel-default-base-rebuild\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:31:52", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-11T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3748-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3748-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144101);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-4788\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3748-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with\nthe speakup driver could cause a local denial of service attack\n(bsc#1178740).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-29369: Fixed a race condition between certain expand\nfunctions (expand_downwards and expand_upwards) and page-table free\noperations from an munmap call, aka CID-246c320a8cfe (bnc#1173504\n1179432).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28941/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29369/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203748-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ada2721\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3748=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.43.2.9.17.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.43.2.9.17.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.43.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:40:46", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427)NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c.(CVE-2020-27830)In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0466)In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.(CVE-2020-27068)use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)race condition in fg_console can lead to use-after-free in con_font_op.(CVE-2020-25668)The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1009)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0427", "CVE-2020-0466", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25705", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27830", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1009.NASL", "href": "https://www.tenable.com/plugins/nessus/144687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144687);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0427\",\n \"CVE-2020-0466\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25705\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27830\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1009)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In create_pinctrl of\n core.c, there is a possible out of bounds read due to a\n use after free. This could lead to local information\n disclosure with no additional execution privileges\n needed.(CVE-2020-0427)NULL-ptr deref in the\n spk_ttyio_receive_buf2() function in\n spk_ttyio.c.(CVE-2020-27830)In do_epoll_ctl and\n ep_loop_check_proc of eventpoll.c, there is a possible\n use after free due to a logic error. This could lead to\n local escalation of privilege with no additional\n execution privileges needed.(CVE-2020-0466)In the\n nl80211_policy policy of nl80211.c, there is a possible\n out of bounds read due to a missing bounds check. This\n could lead to local information disclosure with System\n execution privileges\n needed.(CVE-2020-27068)use-after-free read in\n sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)A flaw\n was found in the Linux kernels implementation of MIDI,\n where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c in the Linux\n kernel before 5.8.4. Uninitialized memory leaks to\n userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)A\n slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)A\n locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)A locking issue was\n discovered in the tty subsystem of the Linux kernel\n through 5.9.13. drivers/tty/tty_jobctrl.c allows a\n use-after-free attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)An issue was\n discovered in drivers/accessibility/speakup/spk_ttyio.c\n in the Linux kernel through 5.9.9. Local attackers on\n systems with the speakup driver could cause a local\n denial of service attack, aka CID-d41227544427. This\n occurs because of an invalid free when the line\n discipline is used more than once.(CVE-2020-28941)A\n buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)A flaw in the way\n reply ICMP packets are limited in the Linux kernel\n functionality was found that allows to quickly scan\n open UDP ports. This flaw allows an off-path remote\n user to effectively bypassing source port UDP\n randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)race condition in fg_console can\n lead to use-after-free in\n con_font_op.(CVE-2020-25668)The Linux kernel before\n version 5.8 is vulnerable to a NULL pointer dereference\n in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)An issue was discovered\n in the Linux kernel through 5.9.1, as used with Xen\n through 4.14.x. Guest OS users can cause a denial of\n service (host OS hang) via a high rate of events to\n dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was\n discovered in __split_huge_pmd in mm/huge_memory.c in\n the Linux kernel before 5.7.5. The copy-on-write\n implementation can grant unintended write access\n because of a race condition in a THP mapcount check,\n aka CID-c444eb564fb1.(CVE-2020-29368)An issue was\n discovered in the Linux kernel through 5.9.1, as used\n with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)A flaw was\n found in the way RTAS handled memory accesses in\n userspace to kernel communication. On a locked down\n (usually due to Secure Boot) guest system running on\n top of PowerVM or KVM hypervisors (pseries platform) a\n root like local user could use this flaw to further\n increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1009\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7964da21\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h314.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:07", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25656", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/146701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146701);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-9456\",\n \"CVE-2020-0305\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25656\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5285fd5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h255\",\n \"kernel-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-headers-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h255\",\n \"perf-3.10.0-327.62.59.83.h255\",\n \"python-perf-3.10.0-327.62.59.83.h255\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:16:55", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4752-1 advisory.\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. (CVE-2020-10135)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. (CVE-2020-24490)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. (CVE-2020-27152)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. (CVE-2020-29369)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. (CVE-2020-29371)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10135", "CVE-2020-14314", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27152", "CVE-2020-27815", "CVE-2020-28588", "CVE-2020-28915", "CVE-2020-29368", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-35508"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1048-oem"], "id": "UBUNTU_USN-4752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147982", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4752-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147982);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-10135\",\n \"CVE-2020-14314\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27152\",\n \"CVE-2020-27815\",\n \"CVE-2020-28588\",\n \"CVE-2020-28915\",\n \"CVE-2020-29368\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-35508\"\n );\n script_xref(name:\"USN\", value:\"4752-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4752-1 advisory.\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2\n and earlier may allow an unauthenticated user to complete authentication without pairing credentials via\n adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or\n slave to pair with a previously paired remote device to successfully complete the authentication procedure\n without knowing the link key. (CVE-2020-10135)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial\n of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of\n service via adjacent access. This affects all Linux kernel versions that support BlueZ. (CVE-2020-24490)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before\n 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering,\n aka CID-77377064c3a9. (CVE-2020-27152)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write access because of a race condition in a THP\n mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between\n certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an\n munmap call, aka CID-246c320a8cfe. (CVE-2020-29369)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. (CVE-2020-29371)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4752-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1048-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.6.0': {\n 'oem': '5.6.0-1048'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4752-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-10135', 'CVE-2020-14314', 'CVE-2020-15436', 'CVE-2020-15437', 'CVE-2020-24490', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25641', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27152', 'CVE-2020-27815', 'CVE-2020-28588', 'CVE-2020-28915', 'CVE-2020-29368', 'CVE-2020-29369', 'CVE-2020-29371', 'CVE-2020-29660', 'CVE-2020-29661', 'CVE-2020-35508');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4752-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:32", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1578 advisory.\n\n - kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-24T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2021:1578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2020-36322", "CVE-2021-0342"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-stablelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2021-1578.NASL", "href": "https://www.tenable.com/plugins/nessus/149874", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1578. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149874);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-18811\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2020-0431\",\n \"CVE-2020-11608\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-12464\",\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27786\",\n \"CVE-2020-27835\",\n \"CVE-2020-28974\",\n \"CVE-2020-35508\",\n \"CVE-2020-36322\",\n \"CVE-2021-0342\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1578\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2021:1578)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1578 advisory.\n\n - kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver\n (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in\n drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in\n drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow\n (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege\n (CVE-2021-0342)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1578\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-18811', 'CVE-2019-19523', 'CVE-2019-19528', 'CVE-2020-0431', 'CVE-2020-11608', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-12464', 'CVE-2020-14314', 'CVE-2020-14356', 'CVE-2020-15437', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27786', 'CVE-2020-27835', 'CVE-2020-28974', 'CVE-2020-35508', 'CVE-2020-36322', 'CVE-2021-0342');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:1578');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:18", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1578 advisory.\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. (CVE-2020-11608)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)\n\n - A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 (CVE-2020-0431)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2021-1578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2020-36322", "CVE-2021-0342", "CVE-2021-28950"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2021-1578.NASL", "href": "https://www.tenable.com/plugins/nessus/149914", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1578.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149914);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-18811\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2020-0431\",\n \"CVE-2020-11608\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-12464\",\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27786\",\n \"CVE-2020-27835\",\n \"CVE-2020-28974\",\n \"CVE-2020-35508\",\n \"CVE-2020-36322\",\n \"CVE-2021-0342\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2021-1578)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1578 advisory.\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL\n pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka\n CID-998912346c0d. (CVE-2020-11608)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because\n a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a\n denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found\n in the way when reboot the system. A local user could use this flaw to crash the system or escalate their\n privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux\n kernel child/parent process identification handling while filtering signal handlers. A local attacker is\n able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)\n\n - A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering\n sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial\n of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the\n way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to\n local escalation of privilege with System execution privileges required. User interaction is not required\n for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1578.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-305.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-1578');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:34:27", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-0543)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.(CVE-2018-9517)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism.\n But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.(CVE-2019-19338)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12351)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c(CVE-2020-25669)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9517", "CVE-2019-11135", "CVE-2019-19338", "CVE-2019-20934", "CVE-2019-3900", "CVE-2020-0543", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-14305", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:kernel-devel"], "id": "EULEROS_SA-2021-1684.NASL", "href": "https://www.tenable.com/plugins/nessus/148041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148041);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9517\",\n \"CVE-2019-3900\",\n \"CVE-2019-19338\",\n \"CVE-2019-20934\",\n \"CVE-2020-0543\",\n \"CVE-2020-4788\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-14305\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - Incomplete cleanup from specific special register read\n operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information\n disclosure via local access.(CVE-2020-0543)\n\n - An infinite loop issue was found in the vhost_net\n kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in\n handle_rx(). It could occur if one end sends packets\n faster than the other end can process them. A guest\n user, maybe remote one, could use this flaw to stall\n the vhost_net kernel thread, resulting in a DoS\n scenario.(CVE-2019-3900)\n\n - In pppol2tp_connect, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-38159931.(CVE-2018-9517)\n\n - A flaw was found in the fix for CVE-2019-11135, in the\n Linux upstream kernel versions before 5.5 where, the\n way Intel CPUs handle speculative execution of\n instructions when a TSX Asynchronous Abort (TAA) error\n occurs. When a guest is running on a host CPU affected\n by the TAA flaw (TAA_NO=0), but is not affected by the\n MDS issue (MDS_NO=1), the guest was to clear the\n affected buffers by using a VERW instruction mechanism.\n But when the MDS_NO=1 bit was exported to the guests,\n the guests did not use the VERW mechanism to clear the\n affected buffers. This issue affects guests running on\n Cascade Lake CPUs and requires that host has 'TSX'\n enabled. Confidentiality of data is the highest threat\n associated with this vulnerability.(CVE-2019-19338)\n\n - There is a use-after-free in kernel versions before 5.5\n due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a\n (high privileged) process allocates a ptp device file\n (like /dev/ptpX) and voluntarily goes to sleep. During\n this time if the underlying device is removed, it can\n cause an exploitable condition as the process wakes up\n to terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)\n\n - Improper input validation in BlueZ may allow an\n unauthenticated user to potentially enable escalation\n of privilege via adjacent access.(CVE-2020-12351)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - use-after-free read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors\n could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)\n\n - A flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1684\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a74b185\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h520.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:10:32", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25285", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0452-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0452-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146511);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-10902\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25285\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not\nprotect against concurrent access which leads to a double realloc\n(double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()\nhandler in rawmidi.c file. A malicious local attacker could possibly\nuse this for privilege escalation (bnc#1105322).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=969755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-10902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210452-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5c68770\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-452=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-452=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-452=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-452=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-452=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2021-452=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2021-452=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-452=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_138-default-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.138.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:09:27", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ).\n\nCVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19063", "CVE-2019-20934", "CVE-2019-6133", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25285", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-3347"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_149-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0437-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146476);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2019-6133\",\n \"CVE-2019-19063\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25285\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-25211: Fixed a flaw where a local attacker was able to inject\nconntrack netlink configuration that could cause a denial of service\nor trigger the use of incorrect protocol numbers in\nctnetlink_parse_tuple_filter (bnc#1176395).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25285: A race condition between hugetlb sysctl handlers in\nmm/hugetlb.c could be used by local attackers to corrupt memory, cause\na NULL pointer dereference, or possibly have unspecified other impact\n(bnc#1176485 ).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service (bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused\ndenial of service of Dom0 via high frequency events (XSA-332\nbsc#1177411)\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which\ncould eventually have allowed attackers to cause a denial of service\n(memory consumption) (bnc#1157298 ).\n\nCVE-2019-6133: Fixed an issue where the 'start time' protection\nmechanism could have been bypassed and therefore authorization\ndecisions are improperly cached (bsc#1128172).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=969755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19063/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210437-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d1eb94b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-437=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-437=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-437=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-437=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2021-437=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_149-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_149-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.149.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:15", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1739 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\n - kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds (CVE-2021-0605)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:1739)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2021-0342", "CVE-2021-0605"], "modified": "2023-01-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules"], "id": "REDHAT-RHSA-2021-1739.NASL", "href": "https://www.tenable.com/plugins/nessus/149660", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1739. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149660);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2020-0431\",\n \"CVE-2020-11608\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-12464\",\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27786\",\n \"CVE-2020-27835\",\n \"CVE-2020-28974\",\n \"CVE-2020-35508\",\n \"CVE-2021-0342\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1739\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:1739)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1739 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver\n (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in\n drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in\n drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow\n (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege\n (CVE-2021-0342)\n\n - kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out\n of bounds (CVE-2021-0605)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1833445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1869141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1882591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1882594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1915799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974823\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 125, 190, 284, 362, 367, 400, 401, 416, 476, 665, 732);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19523', 'CVE-2019-19528', 'CVE-2020-0431', 'CVE-2020-11608', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-12464', 'CVE-2020-14314', 'CVE-2020-14356', 'CVE-2020-15437', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27786', 'CVE-2020-27835', 'CVE-2020-28974', 'CVE-2020-35508', 'CVE-2021-0342', 'CVE-2021-0605');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1739');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.rt7.72.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.rt7.72.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.rt7.72.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:30:54", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0466)In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed.(CVE-2020-27067)In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.(CVE-2020-27068)In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0444)In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0465)Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)Array index out of bounds access when setting extended attributes on journaling filesystems.(CVE-2020-27815)NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c(CVE-2020-27830)An issue was discovered in\n __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095.\n This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974) An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)race condition in fg_console can lead to use-after-free in con_font_op.(CVE-2020-25668)use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25705", "CVE-2020-27067", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27815", "CVE-2020-27830", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1028.NASL", "href": "https://www.tenable.com/plugins/nessus/144693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144693);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25705\",\n \"CVE-2020-27067\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27815\",\n \"CVE-2020-27830\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In do_epoll_ctl and\n ep_loop_check_proc of eventpoll.c, there is a possible\n use after free due to a logic error. This could lead to\n local escalation of privilege with no additional\n execution privileges needed.(CVE-2020-0466)In the l2tp\n subsystem, there is a possible use after free due to a\n race condition. This could lead to local escalation of\n privilege with System execution privileges\n needed.(CVE-2020-27067)In the nl80211_policy policy of\n nl80211.c, there is a possible out of bounds read due\n to a missing bounds check. This could lead to local\n information disclosure with System execution privileges\n needed.(CVE-2020-27068)In audit_free_lsm_field of\n auditfilter.c, there is a possible bad kfree due to a\n logic error in audit_data_to_entry. This could lead to\n local escalation of privilege with no additional\n execution privileges needed.(CVE-2020-0444)In various\n methods of hid-multitouch.c, there is a possible out of\n bounds write due to a missing bounds check. This could\n lead to local escalation of privilege with no\n additional execution privileges\n needed.(CVE-2020-0465)Use-after-free vulnerability in\n fs/block_dev.c in the Linux kernel before 5.8 allows\n local users to gain privileges or cause a denial of\n service by leveraging improper access to a certain\n error field.(CVE-2020-15436)The Linux kernel before\n version 5.8 is vulnerable to a NULL pointer dereference\n in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)A flaw was found in the\n Linux kernels implementation of MIDI, where an attacker\n with a local account and the permissions to issue an\n ioctl commands to midi devices, could trigger a\n use-after-free. A write to this specific memory while\n freed and before use could cause the flow of execution\n to change and possibly allow for memory corruption or\n privilege escalation.(CVE-2020-27786)Array index out of\n bounds access when setting extended attributes on\n journaling filesystems.(CVE-2020-27815)NULL-ptr deref\n in the spk_ttyio_receive_buf2() function in\n spk_ttyio.c(CVE-2020-27830)An issue was discovered in\n __split_huge_pmd in mm/huge_memory.c in the Linux\n kernel before 5.7.5. The copy-on-write implementation\n can grant unintended write access because of a race\n condition in a THP mapcount check, aka\n CID-c444eb564fb1.(CVE-2020-29368)An issue was\n discovered in kmem_cache_alloc_bulk in mm/slub.c in the\n Linux kernel before 5.5.11. The slowpath lacks the\n required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was\n discovered in romfs_dev_read in fs/romfs/storage.c in\n the Linux kernel before 5.8.4. Uninitialized memory\n leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)A locking\n inconsistency issue was discovered in the tty subsystem\n of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)A locking issue was\n discovered in the tty subsystem of the Linux kernel\n through 5.9.13. drivers/tty/tty_jobctrl.c allows a\n use-after-free attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)A slab-out-of-bounds\n read in fbcon in the Linux kernel before 5.9.7 could be\n used by local attackers to read privileged information\n or potentially crash the kernel, aka CID-3c4e0dff2095.\n This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height.(CVE-2020-28974) An issue was discovered\n in the Linux kernel through 5.9.1, as used with Xen\n through 4.14.x. Guest OS users can cause a denial of\n service (host OS hang) via a high rate of events to\n dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was\n discovered in drivers/accessibility/speakup/spk_ttyio.c\n in the Linux kernel through 5.9.9. Local attackers on\n systems with the speakup driver could cause a local\n denial of service attack, aka CID-d41227544427. This\n occurs because of an invalid free when the line\n discipline is used more than once.(CVE-2020-28941)An\n issue was discovered in the Linux kernel through 5.9.1,\n as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)A buffer\n over-read (at the framebuffer layer) in the fbcon code\n in the Linux kernel before 5.8.15 could be used by\n local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)A flaw was found in\n the Linux kernel. A use-after-free memory flaw was\n found in the perf subsystem allowing a local attacker\n with permission to monitor perf events to corrupt\n memory and possibly escalate privileges. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)A flaw in the way reply\n ICMP packets are limited in the Linux kernel\n functionality was found that allows to quickly scan\n open UDP ports. This flaw allows an off-path remote\n user to effectively bypassing source port UDP\n randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)race condition in fg_console can\n lead to use-after-free in\n con_font_op.(CVE-2020-25668)use-after-free read in\n sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)A flaw\n was found in the way RTAS handled memory accesses in\n userspace to kernel communication. On a locked down\n (usually due to Secure Boot) guest system running on\n top of PowerVM or KVM hypervisors (pseries platform) a\n root like local user could use this flaw to further\n increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1028\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa172c1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2011.1.0.h352.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2011.1.0.h352.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2011.1.0.h352.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2011.1.0.h352.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:02", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25639", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0434-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0434-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146470);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25639\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could\nbe triggered by local attackers (with access to the nbd device) via an\nI/O request (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl\n(bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3348/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210434-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9d81a27\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-434=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-434=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-434=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-434=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-434=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2021-434=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:09:55", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user 'root' with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-3701", "CVE-2019-9456", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1079.NASL", "href": "https://www.tenable.com/plugins/nessus/145201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145201);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-3701\",\n \"CVE-2019-9456\",\n \"CVE-2019-9458\",\n \"CVE-2020-0305\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a\n use after free due to a race condition. This could lead\n to local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in\n net/can/gw.c in the Linux kernel through 4.19.13. The\n CAN frame modification rules allow bitwise logical\n operations that can be also applied to the can_dlc\n field. The privileged user 'root' with CAP_NET_ADMIN\n can create a CAN frame modification rule that makes the\n data length code a higher value than the available CAN\n frame data size. In combination with a configured\n checksum calculation where the result is stored\n relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list\n pointer in skb_shared_info) can be rewritten which\n finally can cause a system crash. Because of a missing\n check, the CAN drivers may write arbitrary content\n beyond the data registers in the CAN controller's I/O\n memory when processing can-gw manipulated outgoing\n frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able\n to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering\n use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/ netfilter/\n nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1079\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83f9eb52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h296\",\n \"kernel-devel-3.10.0-514.44.5.10.h296\",\n \"kernel-headers-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h296\",\n \"perf-3.10.0-514.44.5.10.h296\",\n \"python-perf-3.10.0-514.44.5.10.h296\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:18:18", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1578 advisory.\n\n - kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n - kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after- free in con_shutdown(). (CVE-2020-36557)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\n - kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds (CVE-2021-0605)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:1578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2020-36322", "CVE-2020-36557", "CVE-2021-0342", "CVE-2021-0605"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-1578.NASL", "href": "https://www.tenable.com/plugins/nessus/149670", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1578. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149670);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2019-18811\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2020-0431\",\n \"CVE-2020-11608\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-12464\",\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27786\",\n \"CVE-2020-27835\",\n \"CVE-2020-28974\",\n \"CVE-2020-35508\",\n \"CVE-2020-36322\",\n \"CVE-2021-0342\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1578\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:1578)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1578 advisory.\n\n - kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver\n (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in\n drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in\n drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow\n (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n - kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after-\n free in con_shutdown(). (CVE-2020-36557)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege\n (CVE-2021-0342)\n\n - kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out\n of bounds (CVE-2021-0605)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1833445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1853922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1869141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1882591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1882594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1915799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1949560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112688\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 125, 190, 284, 362, 367, 400, 401, 416, 459, 476, 665, 732);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-18811', 'CVE-2019-19523', 'CVE-2019-19528', 'CVE-2020-0431', 'CVE-2020-11608', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-12464', 'CVE-2020-14314', 'CVE-2020-14356', 'CVE-2020-15437', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27786', 'CVE-2020-27835', 'CVE-2020-28974', 'CVE-2020-35508', 'CVE-2020-36322', 'CVE-2020-36557', 'CVE-2021-0342', 'CVE-2021-0605');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1578');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.el8', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:31:49", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1578 advisory.\n\n - A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 (CVE-2020-0431)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. (CVE-2020-11608)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)\n\n - In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 (CVE-2021-0605)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2021:1578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2020-36322", "CVE-2021-0342", "CVE-2021-0605", "CVE-2021-28950"], "modified": "2023-11-10T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1578.NASL", "href": "https://www.tenable.com/plugins/nessus/157595", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1578.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157595);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/10\");\n\n script_cve_id(\n \"CVE-2019-18811\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2020-0431\",\n \"CVE-2020-11608\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-12464\",\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27786\",\n \"CVE-2020-27835\",\n \"CVE-2020-28974\",\n \"CVE-2020-35508\",\n \"CVE-2020-36322\",\n \"CVE-2021-0342\",\n \"CVE-2021-0605\"\n );\n script_xref(name:\"ALSA\", value:\"2021:1578\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2021:1578)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1578 advisory.\n\n - A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering\n sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL\n pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka\n CID-998912346c0d. (CVE-2020-11608)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a\n denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because\n a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found\n in the way when reboot the system. A local user could use this flaw to crash the system or escalate their\n privileges on the system. (CVE-2020-14356)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial\n of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the\n way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux\n kernel child/parent process identification handling while filtering signal handlers. A local attacker is\n able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to\n local escalation of privilege with System execution privileges required. User interaction is not required\n for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)\n\n - In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This\n could lead to local information disclosure in the kernel with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476\n (CVE-2021-0605)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1578.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-18811', 'CVE-2019-19523', 'CVE-2019-19528', 'CVE-2020-0431', 'CVE-2020-11608', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-12464', 'CVE-2020-14314', 'CVE-2020-14356', 'CVE-2020-15437', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27786', 'CVE-2020-27835', 'CVE-2020-28974', 'CVE-2020-35508', 'CVE-2020-36322', 'CVE-2021-0342', 'CVE-2021-0605');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2021:1578');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:33:38", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14630-1 advisory.\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 (CVE-2020-0431)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2020-14353)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14381)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. (CVE-2020-25669)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-119770583 (CVE-2020-27068)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18270", "CVE-2019-16746", "CVE-2020-0404", "CVE-2020-0431", "CVE-2020-0465", "CVE-2020-11668", "CVE-2020-14331", "CVE-2020-14353", "CVE-2020-14381", "CVE-2020-14390", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigmem", "p-cpe:/a:novell:suse_linux:kernel-bigmem-base", "p-cpe:/a:novell:suse_linux:kernel-bigmem-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-ppc64", "p-cpe:/a:novell:suse_linux:kernel-ppc64-base", "p-cpe:/a:novell:suse_linux:kernel-ppc64-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150536", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14630-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150536);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2019-16746\",\n \"CVE-2020-0404\",\n \"CVE-2020-0431\",\n \"CVE-2020-0465\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-14331\",\n \"CVE-2020-14353\",\n \"CVE-2020-14381\",\n \"CVE-2020-14390\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14630-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14630-1 advisory.\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check\n the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a\n duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2020-14353)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial\n of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly\n synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by\n sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in\n sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. (CVE-2020-25669)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure with System execution privileges needed. User\n interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-119770583 (CVE-2020-27068)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1175691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181553\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-February/008335.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56f42edd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kernel-default-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.120', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.120', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.120', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.120', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:03", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-10781: A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device.\nWith this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (bnc#1173074).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace (bnc#1179429).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-20806: Fixed a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service (bnc#1172199).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20806", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-10781", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25639", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0438-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0438-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146474);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2019-20806\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-10781\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25639\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be\ntriggered by local attackers (with access to the nbd device) via an\nI/O request at a certain point during device setup (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-10781: A flaw was found in the ZRAM kernel module, where a\nuser with a local account and the ability to read the\n/sys/class/zram-control/hot_add file can create ZRAM device nodes in\nthe /dev/ directory. This read allocates kernel memory and is not\naccounted for a user that triggers the creation of that ZRAM device.\nWith this vulnerability, continually reading the device may consume a\nlarge amount of system memory and cause the Out-of-Memory (OOM) killer\nto activate and terminate random userspace processes, possibly making\nthe system inoperable (bnc#1173074).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl\n(bnc#1176846).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-29371: An issue was discovered in romfs_dev_read in\nfs/romfs/storage.c where uninitialized memory leaks to userspace\n(bnc#1179429).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-20806: Fixed a NULL pointer dereference in\ntw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c,\nwhich may cause denial of service (bnc#1172199).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3348/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210438-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f57dfef\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-438=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-438=1\n\nSUSE Linux Enterprise Module for Live Patching 15 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-438=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-438=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-438=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2021-438=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-base-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-syms-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:34:53", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c.(CVE-2020-27830)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0466)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.(CVE-2020-27068)\n\n - use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)\n\n - race condition in fg_console can lead to use-after-free in con_font_op.(CVE-2020-25668)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - There is a memory leak in perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.\n The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)\n\n - A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)\n\n - In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14385)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-0466", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-15437", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27830", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-8694"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1642.NASL", "href": "https://www.tenable.com/plugins/nessus/147690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147690);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-0466\",\n \"CVE-2020-8694\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-15437\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27830\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed.(CVE-2020-0427)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function\n in spk_ttyio.c.(CVE-2020-27830)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege\n with no additional execution privileges\n needed.(CVE-2020-0466)\n\n - In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with System execution privileges\n needed.(CVE-2020-27068)\n\n - use-after-free read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in\n drivers/accessibility/speakup/spk_ttyio.c in the Linux\n kernel through 5.9.9. Local attackers on systems with\n the speakup driver could cause a local denial of\n service attack, aka CID-d41227544427. This occurs\n because of an invalid free when the line discipline is\n used more than once.(CVE-2020-28941)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A flaw in the way reply ICMP packets are limited in the\n Linux kernel functionality was found that allows to\n quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)\n\n - race condition in fg_console can lead to use-after-free\n in con_font_op.(CVE-2020-25668)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in the Linux kernel through\n 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high\n rate of events to dom0, aka\n CID-e99502f76271.(CVE-2020-27673)\n\n - An issue was discovered in __split_huge_pmd in\n mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write\n access because of a race condition in a THP mapcount\n check, aka CID-c444eb564fb1.(CVE-2020-29368)\n\n - An issue was discovered in the Linux kernel through\n 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - There is a memory leak in\n perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver\n for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via\n local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - An information leak flaw was found in the way the Linux\n kernel's Bluetooth stack implementation handled\n initialization of stack memory when handling certain\n AMP packets. A remote attacker in adjacent range could\n use this flaw to leak small portions of stack memory on\n the system by sending a specially crafted AMP packets.\n The highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-12352)\n\n - A flaw was found in the way the Linux kernel Bluetooth\n implementation handled L2CAP packets with A2MP CID. A\n remote attacker in adjacent range could use this flaw\n to crash the system causing denial of service or\n potentially execute arbitrary code on the system by\n sending a specially crafted L2CAP packet. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-12351)\n\n - A missing CAP_NET_RAW check in NFC socket creation in\n net/nfc/rawsock.c in the Linux kernel before 5.8.2\n could be used by local attackers to create raw sockets,\n bypassing security mechanisms, aka\n CID-26896f01467a.(CVE-2020-26088)\n\n - A flaw was found in the Linux kernel's implementation\n of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could\n cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker\n with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest\n threat from this vulnerability is to system\n availability.(CVE-2020-25641)\n\n - In skb_to_mamac of networking.c, there is a possible\n out of bounds write due to an integer overflow. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452..(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A\n failure of the file system metadata validator in XFS\n can cause an inode with a valid, user-creatable\n extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise\n rendered inaccessible until it is remounted, leading to\n a denial of service. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14385)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1642\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbd2c64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h314.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T15:05:03", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.(CVE-2020-14390)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs4proc.c instead of fsfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In the Linux kernel before 5.7.8, fsfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not considered.(CVE-2020-24394)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys et/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.(CVE-2020-0145)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A missing CAP_NET_RAW check in NFC socket creation in net fc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)perf: Fix race in perf_mmap_close function.(CVE-2020-14351)An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-24490)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2020-25656)In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807(CVE-2020-0432)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time and can be inferred by an attacker.(CVE-2019-18282)Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7837", "CVE-2019-0145", "CVE-2019-0147", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-20934", "CVE-2020-0145", "CVE-2020-0404", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-26088", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29374"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-1039.NASL", "href": "https://www.tenable.com/plugins/nessus/144731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144731);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2019-0145\",\n \"CVE-2019-0147\",\n \"CVE-2019-18282\",\n \"CVE-2019-18805\",\n \"CVE-2019-20934\",\n \"CVE-2020-0404\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-14390\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25704\",\n \"CVE-2020-26088\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29374\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-103

CVE-2020-15437

Description

Affected Software

Related