A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
{"prion": [{"lastseen": "2023-11-22T01:30:41", "description": "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-13T18:15:00", "type": "prion", "title": "Race condition", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25285"], "modified": "2022-04-28T18:32:00", "id": "PRION:CVE-2020-25285", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-25285", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:45:28", "description": "linux kernel is vulnerable to remote code execution (RCE). 
The vulnerability exists through a race condition between `hugetlb` sysctl handlers in `mm/hugetlb.c`.\n", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-18T01:56:12", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25285"], "modified": "2022-04-28T21:13:39", "id": "VERACODE:27608", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27608/summary", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-02T18:27:21", "description": "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-13T18:15:00", "type": "debiancve", "title": "CVE-2020-25285", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25285"], "modified": "2020-09-13T18:15:00", "id": "DEBIANCVE:CVE-2020-25285", "href": "https://security-tracker.debian.org/tracker/CVE-2020-25285", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "cbl_mariner": [{"lastseen": "2023-12-02T20:18:18", "description": "CVE-2020-25285 affecting package kernel 5.4.91-6. 
A patched version of the package is available.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-03T03:44:27", "type": "cbl_mariner", "title": "CVE-2020-25285 affecting package kernel 5.4.91-6", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25285"], "modified": "2021-03-03T03:44:27", "id": "CBLMARINER:3456", "href": "", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-11-29T16:26:19", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2020-10-14T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2020-1.0-0330", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25285"], "modified": "2020-10-15T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0330_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/141439", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0330. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141439);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/15\");\n\n script_cve_id(\"CVE-2020-25285\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2020-1.0-0330\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-330.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25285\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'linux-api-headers-4.4.237-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-dev-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-docs-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-devel-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-docs-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-oprofile-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-sound-4.4.237-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', 
reference:'linux-tools-4.4.237-2.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:35", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485).\n\nCVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file. (bsc#1177470)\n\nCVE-2020-14351: Fixed a race condition in the perf_mmap_close() function (bsc#1177086).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3122-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3122-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3122-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143621);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-16120\", \"CVE-2020-25285\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3122-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25285: A race condition between hugetlb sysctl handlers in\nmm/hugetlb.c could be used by local attackers to corrupt memory, cause\na NULL pointer dereference, or possibly have unspecified other impact\n(bnc#1176485).\n\nCVE-2020-16120: Fixed permission check to open real file when using\noverlayfs. It was possible to have a file not readable by an\nunprivileged user be copied to a mountpoint controlled by that user\nand then be able to access the file. (bsc#1177470)\n\nCVE-2020-14351: Fixed a race condition in the perf_mmap_close()\nfunction (bsc#1177086).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177353\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178079\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25285/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203122-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a311d51b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3122=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.34.1.9.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", 
reference:\"kernel-preempt-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.34.1.9.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:26:19", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple 
vulnerabilities as referenced in the USN-4579-1 advisory.\n\n - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (CVE-2018-10322)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4579-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10322", "CVE-2020-14314", "CVE-2020-16119", "CVE-2020-25285"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1082-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1117-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1141-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1145-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc-e500mc", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc64-smp"], "id": "UBUNTU_USN-4579-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141447", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4579-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141447);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2018-10322\",\n \"CVE-2020-14314\",\n \"CVE-2020-16119\",\n \"CVE-2020-25285\"\n );\n script_bugtraq_id(103960);\n script_xref(name:\"USN\", value:\"4579-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4579-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4579-1 advisory.\n\n - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows\n local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a\n crafted xfs image. (CVE-2018-10322)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. 
The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4579-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1082-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1117-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1141-raspi2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1145-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-193-powerpc64-smp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-193',\n 'generic-lpae': '4.4.0-193',\n 'lowlatency': '4.4.0-193',\n 'powerpc-e500mc': '4.4.0-193',\n 'powerpc-smp': '4.4.0-193',\n 'powerpc64-emb': '4.4.0-193',\n 'powerpc64-smp': '4.4.0-193',\n 'kvm': '4.4.0-1082',\n 'aws': '4.4.0-1117',\n 'raspi2': '4.4.0-1141',\n 'snapdragon': '4.4.0-1145'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4579-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2018-10322', 'CVE-2020-14314', 'CVE-2020-16119', 'CVE-2020-25285');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4579-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra 
: extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:24:34", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5881 advisory.\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. (CVE-2017-8924)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8924", "CVE-2019-19073", "CVE-2020-14314", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5881.NASL", "href": "https://www.tenable.com/plugins/nessus/141365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5881.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141365);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-8924\",\n \"CVE-2019-19073\",\n \"CVE-2020-14314\",\n \"CVE-2020-25285\"\n );\n script_bugtraq_id(98451);\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5881 advisory.\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a 
denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows\n local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer\n underflow. (CVE-2017-8924)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5881.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25285\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.326.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5881');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n 
{'reference':'kernel-uek-debug-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.326.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.326.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:26:54", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. 
This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device.\n With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10781", "CVE-2020-14314", "CVE-2020-14386", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2549.NASL", "href": "https://www.tenable.com/plugins/nessus/144244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144244);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2020-10781\",\n \"CVE-2020-14314\",\n \"CVE-2020-14386\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. 
The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A flaw was found in the\n Linux Kernel before 5.8-rc6 in the ZRAM kernel module,\n where a user with a local account and the ability to\n read the /sys/class/zram-control/hot_add file can\n create ZRAM device nodes in the /dev/ directory. This\n read allocates kernel memory and is not accounted for a\n user that triggers the creation of that ZRAM device.\n With this vulnerability, continually reading the device\n may consume a large amount of system memory and cause\n the Out-of-Memory (OOM) killer to activate and\n terminate random userspace processes, possibly making\n the system inoperable.(CVE-2020-10781)The rbd block\n device driver in drivers/block/rbd.c in the Linux\n kernel through 5.8.9 used incomplete permission\n checking for access to rbd devices, which could be\n leveraged by local attackers to map or unmap rbd block\n devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A flaw was found in the\n Linux kernel before 5.9-rc4. Memory corruption can be\n exploited to gain root privileges from unprivileged\n processes. 
The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)A race condition between\n hugetlb sysctl handlers in mm/hugetlb.c in the Linux\n kernel before 5.8.8 could be used by local attackers to\n corrupt memory, cause a NULL pointer dereference, or\n possibly have unspecified other impact, aka\n CID-17743798d812.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2549\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78c0e5a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = 
[\"kernel-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h483.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:22", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2020-10-14T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2020-2.0-0288", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12771", "CVE-2020-12888", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25220", "CVE-2020-25285"], "modified": "2020-10-15T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0288_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/141445", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0288. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141445);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/15\");\n\n script_cve_id(\n \"CVE-2020-12771\",\n \"CVE-2020-12888\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25220\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2020-2.0-0288\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-288.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', reference:'linux-api-headers-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-devel-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-docs-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-sound-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-devel-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', 
reference:'linux-docs-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-devel-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-docs-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-oprofile-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-devel-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-docs-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.9.237-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-sound-4.9.237-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-tools-4.9.237-2.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:24:34", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4576-1 advisory.\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. 
The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 
(CVE-2020-25641)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14314", "CVE-2020-14385", "CVE-2020-16119", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25641"], "modified": "2023-10-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1021-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1026-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-51-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-51-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-51-lowlatency"], "id": "UBUNTU_USN-4576-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141451", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4576-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141451);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-16119\",\n \"CVE-2020-16120\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\"\n );\n script_xref(name:\"USN\", value:\"4576-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4576-1 advisory.\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4576-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1021-raspi\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1026-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-51-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-51-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-51-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-51',\n 'generic-lpae': '5.4.0-51',\n 'lowlatency': '5.4.0-51',\n 'raspi': '5.4.0-1021',\n 'aws': '5.4.0-1028',\n 'gcp': '5.4.0-1028',\n 'oracle': '5.4.0-1028',\n 'azure': '5.4.0-1031'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-51',\n 'generic-lpae': '5.4.0-51',\n 'lowlatency': '5.4.0-51',\n 'raspi': '5.4.0-1021',\n 'kvm': '5.4.0-1026',\n 'aws': '5.4.0-1028',\n 'gcp': '5.4.0-1028',\n 'oracle': '5.4.0-1028',\n 'azure': '5.4.0-1031'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4576-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-14314', 'CVE-2020-14385', 'CVE-2020-16119', 'CVE-2020-16120', 'CVE-2020-25285', 'CVE-2020-25641');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 
'KSplice hotfix for USN-4576-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:34", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1495 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
(CVE-2020-14331)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-01T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1495)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19448", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25285"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.198-152.320", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": 
"AL2_ALAS-2020-1495.NASL", "href": "https://www.tenable.com/plugins/nessus/141106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1495.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141106);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2019-19448\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25285\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1495\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1495)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1495 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some\n operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in\n fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to\n a right data structure. (CVE-2019-19448)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. 
The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1495.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14331\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.198-152.320\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19448\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-25211\", \"CVE-2020-25212\", \"CVE-2020-25285\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1495\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n 
{'reference':'kernel-devel-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.198-152.320.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.198-152.320-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if 
(!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:07", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25668: Fixed concurrency use-after-free in con_font_op (bnc#1178123).\n\n - CVE-2020-25656: Fixed race condition in kbd code (bnc#1177766).\n\n - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485).\n\n - CVE-2020-0430: In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation (bnc#1176723).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086).\n\n - CVE-2020-16120: Fixed verify permissions in ovl_path_open() (bsc#1177470).\n\n - CVE-2020-8694: Restrict energy meter to root access to avoid side channel attack (bsc#1170415).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read() (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).\n\n - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function 
parameters (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - Add cherry-picked ids for already backported DRM radeon patches\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).\n\n - Fix use after free in get_capset_info callback (git-fixes).\n\n - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing (git-fixes).\n\n - VMCI: check return value of get_user_pages_fast() for errors (git-fixes).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains 
XEN specific information (XSA-332 bsc#1065600).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).\n\n - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n\n - ath10k: provide survey info as accumulated data (git-fixes).\n\n - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized (bsc#1177749).\n\n - bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11).\n\n - bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11).\n\n - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).\n\n - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).\n\n - btrfs: do not force read-only after error in drop snapshot (bsc#1176354).\n\n - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).\n\n - btrfs: fix incorrect updating of log root tree (bsc#1177687).\n\n - btrfs: fix race between page release and a fast fsync (bsc#1177687).\n\n - 
btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).\n\n - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).\n\n - btrfs: reduce contention on log trees when logging checksums (bsc#1177687).\n\n - btrfs: release old extent maps during page release (bsc#1177687).\n\n - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).\n\n - btrfs: remove root usage from can_overcommit (bsc#1131277).\n\n - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).\n\n - btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).\n\n - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).\n\n - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).\n\n - ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).\n\n - ceph: map 
snapid to anonymous bdev ID (bsc#1178234).\n\n - ceph: promote to unsigned long long before shifting (bsc#1178187).\n\n - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name (git-fixes).\n\n - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: ti: clockdomain: fix static checker warning (git-fixes).\n\n - coredump: fix crash when umh is disabled (bsc#1177753).\n\n - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).\n\n - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).\n\n - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).\n\n - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).\n\n - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).\n\n - device property: Do not clear secondary pointer for shared primary firmware node (git-fixes).\n\n - device property: Keep secondary firmware node secondary by type (git-fixes).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).\n\n - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).\n\n - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).\n\n - drm/amdgpu: do not map BO in reserved region (git-fixes).\n\n - drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n\n - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).\n\n - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).\n\n - drm/gma500: fix error check (git-fixes).\n\n - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).\n\n 
- drm/imx: tve remove extraneous type qualifier (git-fixes).\n\n - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).\n\n - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).\n\n - drm/ttm: fix eviction valuable range check (git-fixes).\n\n - eeprom: at25: set minimum read/write access stride to 1 (git-fixes).\n\n - efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).\n\n - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).\n\n - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).\n\n - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).\n\n - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).\n\n - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)).\n\n - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).\n\n - ip: fix tos reflection in 
ack and reset packets (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188).\n\n - mac80211: handle lack of sband->bitrates in rates (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe (git-fixes).\n\n - media: omap3isp: Fix memleak in isp_probe (git-fixes).\n\n - media: platform: Improve queue set up flow for bug fixing (git-fixes).\n\n - media: platform: fcp: Fix a reference count leak (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).\n\n - media: s5p-mfc: Fix a reference count leak (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: 
Fix reference count leak in delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tc358743: initialize variable (git-fixes).\n\n - media: ti-vpe: Fix a missing check and reference count leak (git-fixes).\n\n - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n\n - media: usbtv: Fix refcounting mixup (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).\n\n - mlx5 PPC ringsize workaround (bsc#1173432).\n\n - mlx5: remove support for ib_get_vector_affinity (bsc#1174748).\n\n - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)).\n\n - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).\n\n - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)).\n\n - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes 
(mm/writeback)).\n\n - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).\n\n - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)).\n\n - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).\n\n - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).\n\n - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - net/mlx5e: Take common TIR context settings into a function (bsc#1177740).\n\n - net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740).\n\n - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: disable netpoll on fresh napis (networking-stable-20_09_11).\n\n - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n\n - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - net: phy: Avoid 
NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).\n\n - netlabel: fix problems with mapping removal (networking-stable-20_09_11).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected (bsc#1174748).\n\n - nvme: do not update disk info for multipathed device (bsc#1171558).\n\n - p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).\n\n - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).\n\n - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N 
DD2.1 VSX CI load emulation (bsc#1065729).\n\n - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).\n\n - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n\n - regulator: resolve supply after creating regulator (git-fixes).\n\n - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).\n\n - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).\n\n - spi: fsl-espi: Only process interrupts for expected events (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support (git-fixes).\n\n - target-rbd-fix-unmap-discard-block-size-conversion.patch : (bsc#1177271).\n\n - target-use-scsi_set_sense_information-helper-on-misc.patch: (bsc#1177719).\n\n - tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11).\n\n - tipc: fix memory leak caused by tipc_buf_append() (git-fixes).\n\n - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).\n\n - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).\n\n - tty: ipwireless: fix 
error handling (git-fixes).\n\n - tty: serial: earlycon dependency (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n\n - vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202).\n\n - video: fbdev: pvr2fb: initialize variables (git-fixes).\n\n - video: fbdev: sis: fix null ptr dereference (git-fixes).\n\n - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).\n\n - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).\n\n - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).\n\n - wcn36xx: Fix reported 802.11n 
rx_highest rate wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).\n\n - x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)).\n\n - x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178).\n\n - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907).\n\n - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332 bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).\n\n - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: flush new eof page on truncate to avoid 
post-eof corruption (git-fixes).\n\n - xfs: limit entries returned when counting fsmap records (git-fixes).", "cvss3": {}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1901)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0430", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-8694"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", 
"p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1901.NASL", "href": "https://www.tenable.com/plugins/nessus/142921", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1901.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142921);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-0430\", \"CVE-2020-14351\", \"CVE-2020-16120\", \"CVE-2020-25285\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-8694\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1901)\");\n script_summary(english:\"Check for the openSUSE-2020-1901 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25668: Fixed concurrency use-after-free in\n con_font_op (bnc#1178123).\n\n - CVE-2020-25656: Fixed race condition in kbd code\n (bnc#1177766).\n\n - CVE-2020-25285: A race condition between hugetlb sysctl\n handlers in mm/hugetlb.c kernel could be used by local\n attackers to corrupt memory, cause a NULL pointer\n dereference, or possibly have unspecified other impact,\n aka CID-17743798d812 (bnc#1176485).\n\n - 
CVE-2020-0430: In skb_headlen of\n /include/linux/skbuff.h, there is a possible out of\n bounds read due to memory corruption. This could lead to\n local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation (bnc#1176723).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close()\n function (bsc#1177086).\n\n - CVE-2020-16120: Fixed verify permissions in\n ovl_path_open() (bsc#1177470).\n\n - CVE-2020-8694: Restrict energy meter to root access to\n avoid side channel attack (bsc#1170415).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is\n disabled (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read()\n (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization\n (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro\n (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers\n (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence\n (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment\n (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt\n card->ctl_files_rwlock (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is\n registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already\n registered (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP\n Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does\n not work (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA\n with ALC887 (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable\n declaration (git-fixes).\n\n - ALSA: hda: prevent 
undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate\n statements (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet\n usage (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl\n (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ\n DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there'\n (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' ->\n 'Frequency' (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue\n (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - Add cherry-picked ids for already backported DRM radeon\n patches\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled\n (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking\n (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one()\n (bsc#1112178).\n\n - Fix use after free in get_capset_info callback\n (git-fixes).\n\n - HID: roccat: add bounds checking in\n kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad\n / battery (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515\n (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in\n imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources\n (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors\n (git-fixes).\n\n - USB: cdc-wdm: 
Make wdm_flush() interruptible and add\n wdm_fsync() (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing\n (git-fixes).\n\n - VMCI: check return value of get_user_pages_fast() for\n errors (git-fixes).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store\n a per interrupt XEN data pointer which contains XEN\n specific information (XSA-332 bsc#1065600).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs\n (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()'\n call in an error handling path (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: provide survey info as accumulated data\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in\n ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in\n ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in\n ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb()\n and usb_kill_anchored_urbs() (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on\n error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and\n checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized\n (bsc#1177749).\n\n - bnxt: do not enable NAPI until rings are ready\n (networking-stable-20_09_11).\n\n - bnxt_en: Check for zero dir entries in NVRAM\n (networking-stable-20_09_11).\n\n - brcm80211: fix possible memleak in\n brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy\n (git-fixes).\n\n - btrfs: check the right error variable in\n 
btrfs_del_dir_entries_in_log (bsc#1177687).\n\n - btrfs: do not force read-only after error in drop\n snapshot (bsc#1176354).\n\n - btrfs: do not set the full sync flag on the inode during\n page release (bsc#1177687).\n\n - btrfs: fix incorrect updating of log root tree\n (bsc#1177687).\n\n - btrfs: fix race between page release and a fast fsync\n (bsc#1177687).\n\n - btrfs: only commit delayed items at fsync if we are\n logging a directory (bsc#1177687).\n\n - btrfs: only commit the delayed inode when doing a full\n fsync (bsc#1177687).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume\n operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for\n delayed inode (bsc#1177855).\n\n - btrfs: reduce contention on log trees when logging\n checksums (bsc#1177687).\n\n - btrfs: release old extent maps during page release\n (bsc#1177687).\n\n - btrfs: remove no longer needed use of log_writers for\n the log root tree (bsc#1177687).\n\n - btrfs: remove root usage from can_overcommit\n (bsc#1131277).\n\n - btrfs: stop incremening log_batch for the log root tree\n when syncing log (bsc#1177687).\n\n - btrfs: take overcommit into account in\n inc_block_group_ro (bsc#1176560).\n\n - btrfs: tree-checker: fix false alert caused by legacy\n btrfs root item (bsc#1177861).\n\n - bus/fsl_mc: Do not rely on caller to provide non NULL\n mc_io (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused\n (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling\n and propagate error value (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add 
range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around\n empty body in an 'if' statement (git-fixes).\n\n - ceph: fix memory leak in ceph_cleanup_snapid_map()\n (bsc#1178234).\n\n - ceph: map snapid to anonymous bdev ID (bsc#1178234).\n\n - ceph: promote to unsigned long long before shifting\n (bsc#1178187).\n\n - clk: at91: clk-main: update key before writing\n AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name\n (git-fixes).\n\n - clk: bcm2835: add missing release if\n devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: ti: clockdomain: fix static checker warning\n (git-fixes).\n\n - coredump: fix crash when umh is disabled (bsc#1177753).\n\n - crypto: algif_skcipher - EBUSY on aio should be an error\n (git-fixes).\n\n - crypto: bcm - Verify GCM/CCM key length in setkey\n (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - crypto: ixp4xx - Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - crypto: mediatek - Fix wrong return value in\n mtk_desc_ring_alloc() (git-fixes).\n\n - crypto: omap-sham - fix digcnt register handling with\n export/import (git-fixes).\n\n - cxl: Rework error message for incompatible slots\n (bsc#1055014 git-fixes).\n\n - cypto: mediatek - fix leaks in mtk_desc_ring_alloc\n (git-fixes).\n\n - device property: Do not clear secondary pointer for\n shared primary firmware node (git-fixes).\n\n - device property: Keep secondary firmware node secondary\n by type (git-fixes).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status\n (git-fixes).\n\n - drm/amd/display: Do not invoke kgdb_breakpoint()\n unconditionally (git-fixes).\n\n - drm/amd/display: HDMI remote sink need mode validation\n for Linux 
(git-fixes).\n\n - drm/amdgpu: do not map BO in reserved region\n (git-fixes).\n\n - drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n\n - drm/bridge/synopsys: dsi: add support for non-continuous\n HS clock (git-fixes).\n\n - drm/brige/megachips: Add checking if\n ge_b850v3_lvds_init() is working correctly (git-fixes).\n\n - drm/gma500: fix error check (git-fixes).\n\n - drm/i915: Force VT'd workarounds when running as a guest\n OS (git-fixes).\n\n - drm/imx: tve remove extraneous type qualifier\n (git-fixes).\n\n - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds()\n (git-fixes).\n\n - drm/nouveau/mem: guard against NULL pointer access in\n mem_del (git-fixes).\n\n - drm/ttm: fix eviction valuable range check (git-fixes).\n\n - eeprom: at25: set minimum read/write access stride to 1\n (git-fixes).\n\n - efivarfs: Replace invalid slashes with exclamation marks\n in dentries (git-fixes).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY\n (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace\n (networking-stable-20_09_11).\n\n - i2c: imx: Fix external abort on interrupt in exit paths\n (git-fixes).\n\n - ibmveth: Identify ingress large send packets\n (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls\n (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943\n git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr\n (bsc#1134760 ltc#177449 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be\n iio_shared_by enum (git-fixes).\n\n - iio:adc:max1118 Fix alignment of timestamp and data leak\n issues (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE\n (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp 
alignment and prevent\n data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by\n enum required (git-fixes).\n\n - ima: Remove semicolon at the end of\n ima_get_binary_runtime_size() (git-fixes).\n\n - include/linux/swapops.h: correct guards for\n non_swap_entry() (git-fixes (mm/swap)).\n\n - iomap: Make sure iomap_end is called after iomap_begin\n (bsc#1177754).\n\n - ip: fix tos reflection in ack and reset packets\n (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to\n xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via\n same device (networking-stable-20_09_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC\n (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition\n (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server\n faults (bsc#1178188).\n\n - mac80211: handle lack of sband->bitrates in rates\n (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: Revert 'media: exynos4-is: Add missed check for\n pinctrl_lookup_state()' (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints\n (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to\n pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due\n to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: m5mols: Check function pointer in\n m5mols_sensor_power (git-fixes).\n\n - media: media/pci: prevent memory 
leak in bttv_probe\n (git-fixes).\n\n - media: omap3isp: Fix memleak in isp_probe (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: platform: fcp: Fix a reference count leak\n (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: s5p-mfc: Fix a reference count leak (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in\n delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tc358743: initialize variable (git-fixes).\n\n - media: ti-vpe: Fix a missing check and reference count\n leak (git-fixes).\n\n - media: tuner-simple: fix regression in\n simple_set_radio_freq (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: usbtv: Fix refcounting mixup (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to\n v4l2 (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error\n (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of\n platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io\n memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe\n (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid\n kernel panic (git-fixes).\n\n - mlx5 PPC ringsize workaround (bsc#1173432).\n\n - mlx5: remove support for ib_get_vector_affinity\n (bsc#1174748).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (git-fixes (mm/numa)).\n\n - mm/huge_memory.c: use head to check huge zero page\n (git-fixes (mm/thp)).\n\n - 
mm/ksm.c: do not WARN if page is still mapped in\n remove_stable_node() (git-fixes (mm/hugetlb)).\n\n - mm/mempolicy.c: fix out of bounds write in\n mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/mempolicy.c: use match_string() helper to simplify\n the code (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in\n wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions\n (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: use div64_ul() for\n u64-by-unsigned-long divide (git-fixes (mm/writeback)).\n\n - mm/page_owner.c: remove drain_all_pages from\n init_early_allocated_pages (git-fixes (mm/debug)).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes\n (git-fixes (mm/rmap)).\n\n - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix race condition in zs_destroy_pool\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY\n indefinitely (git-fixes (mm/zsmalloc)).\n\n - mm: hugetlb: switch to css_tryget() in\n hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).\n\n - mmc: sdhci-of-esdhc: set timeout to max before tuning\n (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size\n (git-fixes).\n\n - mtd: lpddr: Fix bad logic in print_drs_error\n (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang\n (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context\n (git-fixes).\n\n - mwifiex: Remove unnecessary braces from\n HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized\n timer (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - net/mlx5e: Take common TIR context settings into a\n function 
(bsc#1177740).\n\n - net/mlx5e: Turn on HW tunnel offload in all TIRs\n (bsc#1177740).\n\n - net: Fix potential wrong skb->protocol in\n skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: disable netpoll on fresh napis\n (networking-stable-20_09_11).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: hns: Fix memleak in hns_nic_dev_probe\n (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for\n IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is\n unbound (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket\n (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe\n (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL\n (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card\n (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when\n set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in\n nl80211_del_key() (git-fixes).\n\n - netlabel: fix problems with mapping removal\n (networking-stable-20_09_11).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute\n in nfc_genl_fw_download() (git-fixes).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected\n (bsc#1174748).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM\n configuration (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration\n 
(bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success\n path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct\n irqaction (bsc#1065729).\n\n - powerpc/perf/hv-gpci: Fix starting index value\n (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL\n dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL\n error log event (bsc#1065729).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init()\n (bsc#1065729).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb\n list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1\n VSX CI load emulation (bsc#1065729).\n\n - pty: do tty_flip_buffer_push without port->lock in\n pty_write (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit\n register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in\n pwm_lpss_prepare() (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - regulator: resolve supply after creating regulator\n (git-fixes).\n\n - ring-buffer: Return 0 on success from\n ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional\n (bsc#1163592)\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe()\n (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of\n transport (bsc#1178166 ltc#188226).\n\n - sctp: not disable bh in the whole sctp_get_port_local()\n (networking-stable-20_09_11).\n\n - spi: fsl-espi: Only process interrupts for expected\n events (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n -\n 
target-rbd-fix-unmap-discard-block-size-conversion.patch\n : (bsc#1177271).\n\n -\n target-use-scsi_set_sense_information-helper-on-misc.pat\n ch: (bsc#1177719).\n\n - tg3: Fix soft lockup when tg3_reset_task() fails\n (networking-stable-20_09_11).\n\n - tipc: fix memory leak caused by tipc_buf_append()\n (git-fixes).\n\n - tipc: fix shutdown() of connection oriented socket\n (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket\n (networking-stable-20_09_11).\n\n - tipc: fix the skb_unshare() in tipc_buf_append()\n (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()\n (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append()\n (networking-stable-20_09_24).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: earlycon dependency (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char\n (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices\n (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup\n functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode\n (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer\n prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error\n handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove\n driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests\n (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus\n gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and\n above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as\n well (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n 
- usb: ohci: Default to per-port over-current protection\n (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - vfs: fix FIGETBSZ ioctl on an overlayfs file\n (bsc#1178202).\n\n - video: fbdev: pvr2fb: initialize variables (git-fixes).\n\n - video: fbdev: sis: fix null ptr dereference (git-fixes).\n\n - video: fbdev: vga16fb: fix setting of pixclock because a\n pass-by-value error (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to\n bus error (git-fixes).\n\n - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).\n\n - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional\n (bsc#1177101).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate\n wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time\n processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock\n (bsc#1177755).\n\n - x86, fakenuma: Fix invalid starting node ID (git-fixes\n (mm/x86/fakenuma)).\n\n - x86/apic: Unify duplicated local apic timer clockevent\n initialization (bsc#1112178).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter\n (bsc#1112178).\n\n - x86/unwind/orc: Fix inactive tasks with stack pointer in\n %sp on GCC 10 compiled kernels (bsc#1058115\n bsc#1176907).\n\n - x86/xen: disable Firmware First mode for correctable\n memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework\n (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent\n unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while\n handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332\n bsc#1177411).\n\n - xen/events: defer eoi in case of 
excessive number of\n events (XSA-332 bsc#1177411).\n\n - xen/events: do not use chip_data for legacy IRQs\n (XSA-332 bsc#1065600).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332\n bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model\n (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event\n channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xfs: avoid infinite loop when cancelling CoW blocks\n after writeback failure (bsc#1178027).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: limit entries returned when counting fsmap records\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936888\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.79.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"kernel-obs-build-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:17", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in 
vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3326-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0430", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource"], "id": "SUSE_SU-2020-3326-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from SUSE update advisory SUSE-SU-2020:3326-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143858);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0430\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-16120\",\n \"CVE-2020-25285\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3326-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open()\n(bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-25705: A ICMP global rate limiting side-channel was removed\nwhich could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177719\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178234\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0430/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203326-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4478bf3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3326=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25705\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.51.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:24:49", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. 
The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es): A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212) A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14385) In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. (CVE-2020-0404) The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284) A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285) A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. (CVE-2020-14314) A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2176.NASL", "href": "https://www.tenable.com/plugins/nessus/141329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141329);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS 
host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/\n nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)A flaw\n was found in the Linux kernel before 5.9-rc4. A failure\n of the file system metadata validator in XFS can cause\n an inode with a valid, user-creatable extended\n attribute to be flagged as corrupt. This can lead to\n the filesystem being shutdown, or otherwise rendered\n inaccessible until it is remounted, leading to a denial\n of service. The highest threat from this vulnerability\n is to system availability.(CVE-2020-14385)In\n uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. 
User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)The rbd block device driver in\n drivers/block/rbd.c in the Linux kernel through 5.8.9\n used incomplete permission checking for access to rbd\n devices, which could be leveraged by local attackers to\n map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)A race condition\n between hugetlb sysctl handlers in mm/hugetlb.c in the\n Linux kernel before 5.8.8 could be used by local\n attackers to corrupt memory, cause a NULL pointer\n dereference, or possibly have unspecified other impact,\n aka CID-17743798d812.(CVE-2020-25285)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A flaw was found in the\n Linux kernel before 5.9-rc4. Memory corruption can be\n exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2176\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ba7a261\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.0.h208.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-05-29T14:25:13", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5884 advisory.\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. 
(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14314", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5884.NASL", "href": "https://www.tenable.com/plugins/nessus/141395", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5884.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141395);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5884 advisory.\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found\n in the way when reboot the system. A local user could use this flaw to crash the system or escalate their\n privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest threat from this vulnerability is to data\n confidentiality and integrity. (CVE-2020-14386)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. 
The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5884.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2011.7.4.el7uek', '5.4.17-2011.7.4.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5884');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum 
fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.7.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.7.4.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:19", "description": "The 
openSUSE Leap 15.2 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123).\n\n - CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766).\n\n - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel that could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086).\n\n - CVE-2020-8694: Restrict energy meter to root access (bsc#1170415).\n\n - CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470).\n\n - CVE-2020-25705: An ICMP global rate limiting side-channel was removed which could lead to e.g. 
the SADDNS attack (bsc#1175721)\n\nThe following non-security bugs were fixed :\n\n - ACPI: Always build evged in (git-fixes).\n\n - ACPI: button: fix handling lid state changes when input device closed (git-fixes).\n\n - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n\n - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).\n\n - Add CONFIG_CHECK_CODESIGN_EKU\n\n - ALSA: ac97: (cosmetic) align argument names (git-fixes).\n\n - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n - ALSA: asihpi: fix spellint typo in comments (git-fixes).\n\n - ALSA: atmel: ac97: clarify operator precedence (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read() (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).\n\n - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).\n\n - ALSA: hda: (cosmetic) align function parameters (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n\n - ALSA: hda/hdmi: fix incorrect locking in 
hdmi_pcm_close (git-fixes).\n\n - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n\n - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: hdspm: Fix typo arbitary (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).\n\n - ALSA: portman2x4: fix repeated word 'if' (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).\n\n - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).\n\n - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes).\n\n - ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).\n\n - ALSA: vx: vx_core: clarify operator precedence (git-fixes).\n\n - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n\n - 
ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes).\n\n - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n\n - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes).\n\n - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n\n - ath10k: provide survey info as accumulated data (git-fixes).\n\n - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized (bsc#1177749).\n\n - block: Fix page_is_mergeable() for compound pages (bsc#1177814).\n\n - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes).\n\n - Bluetooth: btusb: Fix 
memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes).\n\n - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking (git-fixes).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes).\n\n - bonding: show saner speed for broadcast mode (networking-stable-20_08_24).\n\n - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).\n\n - btrfs: Account for merged patches upstream Move below patches to sorted section.\n\n - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854).\n\n - btrfs: allocate scrub workqueues outside of locks (bsc#1178183).\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: do not force read-only after error in drop snapshot (bsc#1176354).\n\n - btrfs: drop path before adding new uuid tree entry (bsc#1178176).\n\n - btrfs: fix filesystem corruption after a device replace (bsc#1178395).\n\n - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).\n\n - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).\n\n - btrfs: fix space cache memory leak after transaction abort (bsc#1178173).\n\n - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395).\n\n - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).\n\n - btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after 
orphanization of a directory (bsc#1178581).\n\n - btrfs: set the correct lockdep class for new nodes (bsc#1178184).\n\n - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).\n\n - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n\n - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).\n\n - ceph: promote to unsigned long long before shifting (bsc#1178175).\n\n - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name (git-fixes).\n\n - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes).\n\n - clk: meson: g12a: mark fclk_div2 as critical (git-fixes).\n\n - clk: qcom: gcc-sdm660: Fix wrong parent_map 
(git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - cxgb4: fix memory leak during module unload (networking-stable-20_09_24).\n\n - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24).\n\n - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).\n\n - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817).\n\n - Disable module compression on SLE15 SP2 (bsc#1178307)\n\n - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743).\n\n - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n\n - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743).\n\n - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743).\n\n - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743).\n\n - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743).\n\n - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743).\n\n - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).\n\n - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: remove the dma_handle argument to\n __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).\n\n - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes).\n\n - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).\n\n - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743).\n\n - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743).\n\n - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, 
ECO-2743).\n\n - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743).\n\n - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743).\n\n - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743).\n\n - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).\n\n - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743).\n\n - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).\n\n - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743).\n\n - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).\n\n - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).\n\n - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743).\n\n - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743).\n\n - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743).\n\n - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743).\n\n - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743).\n\n - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).\n\n - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743).\n\n - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743).\n\n - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743).\n\n - dm: Call proper helper to determine dax support (bsc#1177817).\n\n - dm/dax: Fix table reference counts (bsc#1178246).\n\n - docs: driver-api: remove a duplicated index entry (git-fixes).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489).\n\n - eeprom: at25: set minimum read/write access stride to 1 (git-fixes).\n\n - exfat: fix name_hash computation on big endian 
systems (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find() (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n\n - exfat: fix wrong size update of stream entry by typo (git-fixes).\n\n - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes).\n\n - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).\n\n - futex: Consistently use fshared as boolean (bsc#1149032).\n\n - futex: Fix incorrect should_fail_futex() handling (bsc#1149032).\n\n - futex: Remove put_futex_key() (bsc#1149032).\n\n - futex: Remove unused or redundant includes (bsc#1149032).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).\n\n - HID: hid-input: fix stylus battery reporting (git-fixes).\n\n - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).\n\n - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n\n - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes).\n\n - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).\n\n - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n\n - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes).\n\n - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes).\n\n - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 
ltc#160943 git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).\n\n - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - ida: Free allocated bitmap in error path (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).\n\n - iio: adc: gyroadc: fix leak of device node iterator (git-fixes).\n\n - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).\n\n - ima: Do not ignore errors from crypto_shash_update() (git-fixes).\n\n - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).\n\n - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: stmfts - fix a & vs && typo (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).\n\n - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739).\n\n - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).\n\n - 
ipmi_si: Fix wrong return value in try_smi_init() (git-fixes).\n\n - ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24).\n\n - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24).\n\n - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11).\n\n - ipvlan: fix device features (networking-stable-20_08_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).\n\n - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353).\n\n - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).\n\n - mac80211: handle lack of sband->bitrates in rates (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).\n\n - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes).\n\n - media: i2c: 
ov5640: Separate out mipi configuration from s_power (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe (git-fixes).\n\n - media: platform: Improve queue set up flow for bug fixing (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).\n\n - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes).\n\n - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n\n - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).\n\n - mm: do not panic when links can't be created in sysfs (bsc#1178002).\n\n - mm: do not rely on system state to 
detect hot-plug operations (bsc#1178002).\n\n - mm: fix a race during THP splitting (bsc#1178255).\n\n - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).\n\n - mm: madvise: fix vma user-after-free (git-fixes).\n\n - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).\n\n - mm: replace memmap_context by meminit_context (bsc#1178002).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).\n\n - module: Correctly truncate sysfs sections output (git-fixes).\n\n - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).\n\n - module: Refactor section attr into bin attribute (git-fixes).\n\n - module: statically initialize init section freeing data (git-fixes).\n\n - Move upstreamed BT patch into sorted section\n\n - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes).\n\n - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes).\n\n - mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n\n - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - net: bridge: 
br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24).\n\n - net/core: check length before updating Ethertype in skb_mpls_(push,pop) (git-fixes).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24).\n\n - net: disable netpoll on fresh napis (networking-stable-20_09_11).\n\n - net: dsa: b53: check for timeout (networking-stable-20_08_24).\n\n - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24).\n\n - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24).\n\n - net: Fix bridge enslavement failure (networking-stable-20_09_24).\n\n - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - netlabel: fix problems with mapping removal (networking-stable-20_09_11).\n\n - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24).\n\n - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24).\n\n - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24).\n\n - net: lantiq: Wake TX queue again (networking-stable-20_09_24).\n\n - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24).\n\n - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24).\n\n - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n\n - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).\n\n - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).\n\n - net/sched: act_ct: Fix skb 
double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24).\n\n - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24).\n\n - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).\n\n - nfp: use correct define to return NONE fec (networking-stable-20_09_24).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources (git-fixes).\n\n - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected (bsc#1174748).\n\n - overflow: Include header file with SIZE_MAX declaration (git-fixes).\n\n - p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n\n - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n\n - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)).\n\n - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489).\n\n - perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n\n - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes).\n\n - PKCS#7: Check 
codeSigning EKU for kernel module and kexec pe verification.\n\n - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).\n\n - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n\n - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).\n\n - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).\n\n - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).\n\n - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).\n\n - power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n\n - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n\n - pwm: img: Fix NULL pointer access in probe (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).\n\n - 
qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes).\n\n - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes).\n\n - r8169: fix operation under forced interrupt threading (git-fixes).\n\n - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes).\n\n - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n\n - reset: sti: reset-syscfg: fix struct description warnings (git-fixes).\n\n - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)\n\n - rtc: rx8010: do not modify the global rtc ops (git-fixes).\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - rtw88: increse the size of rx buffer size (git-fixes).\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).\n\n - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743).\n\n - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).\n\n - selftests/timers: Turn off timeout setting (git-fixes).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - slimbus: core: check get_addr before removing laddr ida (git-fixes).\n\n - slimbus: core: do not enter to clock pause mode in core (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes).\n\n - soc: fsl: qbman: Fix return value on success (git-fixes).\n\n - spi: spi-s3c64xx: Check return values (git-fixes).\n\n - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and 
s3c64xx_enable_datapath() (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support (git-fixes).\n\n - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - taprio: Fix allowing too small intervals (networking-stable-20_09_24).\n\n - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648).\n\n - tipc: fix memory leak caused by tipc_buf_append() (git-fixes).\n\n - tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).\n\n - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).\n\n - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).\n\n - tracing: Check return value of __create_val_fields() before using its result (git-fixes).\n\n - tracing: Save normal string variables (git-fixes).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).\n\n - uio: free uio id after uio file node is freed (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).\n\n - usb: 
dwc2: Fix parameter type in function pointer prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).\n\n - usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes).\n\n - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes).\n\n - usb: dwc3: simple: add support for Hikey 970 (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).\n\n - usblp: fix race between disconnect() and read() (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n\n - usb: xhci-mtk: Fix typo (git-fixes).\n\n - usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on 
HyperV Gen 1 VMs (bsc#1175306).\n\n - VMCI: check return value of get_user_pages_fast() for errors (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).\n\n - watchdog: Fix memleak in watchdog_cdev_register (git-fixes).\n\n - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes).\n\n - watchdog: Use put_device on error (git-fixes).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).\n\n - X.509: Add CodeSigning extended key usage parsing (bsc#1177353).\n\n - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489).\n\n - x86/ioapic: Unbreak check_timer() (bsc#1152489).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n\n - x86/(mce,mm): Unmap the entire page if the whole page is affected and poisoned (bsc#1177765).\n\n - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743).\n\n - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332 bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).\n\n - 
xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix high key handling in the rt allocator's query_range function (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n\n - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n\n - xfs: force the log after remapping a synchronous-writes file (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: limit entries returned when counting fsmap records (git-fixes).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n\n - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).", "cvss3": {}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1906)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", 
"p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1906.NASL", "href": "https://www.tenable.com/plugins/nessus/142945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1906.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142945);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-16120\",\n \"CVE-2020-25285\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n 
\"CVE-2020-25705\",\n \"CVE-2020-8694\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1906)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25704: Fixed a memory leak in\n perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-25668: Make FONTX ioctl use the tty pointer\n they were actually passed (bsc#1178123).\n\n - CVE-2020-25656: Extend func_buf_lock to readers\n (bnc#1177766).\n\n - CVE-2020-25285: Fixed a race condition between hugetlb\n sysctl handlers in mm/hugetlb.c in the Linux kernel\n could be used by local attackers to corrupt memory,\n cause a NULL pointer dereference, or possibly have\n unspecified other impact, aka CID-17743798d812\n (bnc#1176485).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close()\n function (bsc#1177086).\n\n - CVE-2020-8694: Restrict energy meter to root access\n (bsc#1170415).\n\n - CVE-2020-16120: Check permission to open real file in\n overlayfs (bsc#1177470).\n\n - CVE-2020-25705: A ICMP global rate limiting side-channel\n was removed which could lead to e.g. 
the SADDNS attack\n (bsc#1175721)\n\nThe following non-security bugs were fixed :\n\n - ACPI: Always build evged in (git-fixes).\n\n - ACPI: button: fix handling lid state changes when input\n device closed (git-fixes).\n\n - ACPI: configfs: Add missing config_item_put() to fix\n refcount leak (git-fixes).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs\n (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is\n disabled (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - act_ife: load meta modules before tcf_idr_check_alloc()\n (networking-stable-20_09_24).\n\n - Add CONFIG_CHECK_CODESIGN_EKU\n\n - ALSA: ac97: (cosmetic) align argument names (git-fixes).\n\n - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK()\n macro (git-fixes).\n\n - ALSA: asihpi: fix spellint typo in comments (git-fixes).\n\n - ALSA: atmel: ac97: clarify operator precedence\n (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read()\n (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization\n (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro\n (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers\n (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence\n (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment\n (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt\n card->ctl_files_rwlock (git-fixes).\n\n - ALSA: fireworks: use semicolons rather than commas to\n separate statements (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable\n declaration (git-fixes).\n\n - ALSA: hda: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is\n registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already\n registered (git-fixes).\n\n - ALSA: 
hda/hdmi: fix incorrect locking in hdmi_pcm_close\n (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP\n Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA\n with ALC887 (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420\n (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be\n detected (git-fixes).\n\n - ALSA: hda/realtek - set mic to auto detect on a HP AIO\n machine (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does\n not work (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate\n statements (git-fixes).\n\n - ALSA: hdspm: Fix typo arbitary (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet\n usage (git-fixes).\n\n - ALSA: portman2x4: fix repeated word 'if' (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl\n (git-fixes).\n\n - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ\n DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there'\n (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' ->\n 'Frequency' (git-fixes).\n\n - ALSA: usb-audio: Line6 Pod Go interface requires static\n clock rate quirk (git-fixes).\n\n - ALSA: usb: scarless_gen2: fix endianness issue\n (git-fixes).\n\n - ALSA: vx: vx_core: clarify operator precedence\n (git-fixes).\n\n - ALSA: vx: vx_pcm: remove redundant assignment\n 
(git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly\n (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: fsl: imx-es8328: add missing put_device() call in\n imx_es8328_probe() (git-fixes).\n\n - ASoC: fsl_sai: Instantiate snd_soc_dai_driver\n (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup\n function (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue\n (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly\n (git-fixes).\n\n - ASoC: sun50i-codec-analog: Fix duplicate use of ADC\n enable bits (git-fixes).\n\n - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation\n (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()'\n call in an error handling path (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: provide survey info as accumulated data\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in\n ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in\n ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in\n ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb()\n and usb_kill_anchored_urbs() (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on\n error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and\n checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized\n (bsc#1177749).\n\n - block: Fix page_is_mergeable() for compound pages\n 
(bsc#1177814).\n\n - block: Set same_page to false in __bio_try_merge_page if\n ret is false (git-fixes).\n\n - Bluetooth: btusb: Fix memleak in\n btusb_mtk_submit_wmt_recv_urb (git-fixes).\n\n - Bluetooth: hci_uart: Cancel init work before\n unregistering (git-fixes).\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled\n (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking\n (git-fixes).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (git-fixes).\n\n - bonding: show saner speed for broadcast mode\n (networking-stable-20_08_24).\n\n - brcm80211: fix possible memleak in\n brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy\n (git-fixes).\n\n - btrfs: Account for merged patches upstream Move below\n patches to sorted section.\n\n - btrfs: add owner and fs_info to alloc_state io_tree\n (bsc#1177854).\n\n - btrfs: allocate scrub workqueues outside of locks\n (bsc#1178183).\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: do not force read-only after error in drop\n snapshot (bsc#1176354).\n\n - btrfs: drop path before adding new uuid tree entry\n (bsc#1178176).\n\n - btrfs: fix filesystem corruption after a device replace\n (bsc#1178395).\n\n - btrfs: fix NULL pointer dereference after failure to\n create snapshot (bsc#1178190).\n\n - btrfs: fix overflow when copying corrupt csums for a\n message (bsc#1178191).\n\n - btrfs: fix space cache memory leak after transaction\n abort (bsc#1178173).\n\n - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of\n all locks (bsc#1178395).\n\n - btrfs: move btrfs_scratch_superblocks into\n btrfs_dev_replace_finishing (bsc#1178395).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume\n operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for\n delayed inode (bsc#1177855).\n\n - btrfs: reschedule if necessary when logging directory\n 
items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when\n processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after\n orphanization of a directory (bsc#1178581).\n\n - btrfs: set the correct lockdep class for new nodes\n (bsc#1178184).\n\n - btrfs: set the lockdep class for log tree extent buffers\n (bsc#1178186).\n\n - btrfs: tree-checker: fix false alert caused by legacy\n btrfs root item (bsc#1177861).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused\n (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling\n and propagate error value (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup\n completely (git-fixes).\n\n - can: flexcan: remove ack_grp and ack_bit handling from\n driver (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk\n for LS1021A (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around\n empty body in an 'if' statement (git-fixes).\n\n - ceph: promote to unsigned long long before shifting\n (bsc#1178175).\n\n - clk: at91: clk-main: update key before writing\n AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name\n (git-fixes).\n\n - clk: bcm2835: add missing release if\n devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order 
(git-fixes).\n\n - clk: keystone: sci-clk: fix parsing assigned-clock data\n during probe (git-fixes).\n\n - clk: meson: g12a: mark fclk_div2 as critical\n (git-fixes).\n\n - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - cxgb4: fix memory leak during module unload\n (networking-stable-20_09_24).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (networking-stable-20_09_24).\n\n - cxl: Rework error message for incompatible slots\n (bsc#1055014 git-fixes).\n\n - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX\n (bsc#1177817).\n\n - Disable module compression on SLE15 SP2 (bsc#1178307)\n\n - dma-direct: add missing set_memory_decrypted() for\n coherent mapping (bsc#1175898, ECO-2743).\n\n - dma-direct: always align allocation size in\n dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n\n - dma-direct: atomic allocations must come from atomic\n coherent pools (bsc#1175898, ECO-2743).\n\n - dma-direct: check return value when encrypting or\n decrypting memory (bsc#1175898, ECO-2743).\n\n - dma-direct: consolidate the error handling in\n dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: make uncached_kernel_address more general\n (bsc#1175898, ECO-2743).\n\n - dma-direct: provide function to check physical memory\n area validity (bsc#1175898, ECO-2743).\n\n - dma-direct: provide mmap and get_sgtable method\n overrides (bsc#1175898, ECO-2743).\n\n - dma-direct: re-encrypt memory if\n dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).\n\n - dma-direct: remove __dma_direct_free_pages (bsc#1175898,\n ECO-2743).\n\n - dma-direct: remove the dma_handle argument to\n __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status\n (git-fixes).\n\n - dmaengine: dmatest: Check list for emptiness before\n access its last entry (git-fixes).\n\n - dmaengine: dw: Activate FIFO-mode for memory peripherals\n only (git-fixes).\n\n - 
dma-mapping: add a dma_can_mmap helper (bsc#1175898,\n ECO-2743).\n\n - dma-mapping: always use VM_DMA_COHERENT for generic DMA\n remap (bsc#1175898, ECO-2743).\n\n - dma-mapping: DMA_COHERENT_POOL should select\n GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).\n\n - dma-mapping: make dma_atomic_pool_init self-contained\n (bsc#1175898, ECO-2743).\n\n - dma-mapping: merge the generic remapping helpers into\n dma-direct (bsc#1175898, ECO-2743).\n\n - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898,\n ECO-2743).\n\n - dma-mapping: warn when coherent pool is depleted\n (bsc#1175898, ECO-2743).\n\n - dma-pool: add additional coherent pools to map to gfp\n mask (bsc#1175898, ECO-2743).\n\n - dma-pool: add pool sizes to debugfs (bsc#1175898,\n ECO-2743).\n\n - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL\n (bsc#1175898, ECO-2743).\n\n - dma-pool: do not allocate pool memory from CMA\n (bsc#1175898, ECO-2743).\n\n - dma-pool: dynamically expanding atomic pools\n (bsc#1175898, ECO-2743).\n\n - dma-pool: Fix an uninitialized variable bug in\n atomic_pool_expand() (bsc#1175898, ECO-2743).\n\n - dma-pool: fix coherent pool allocations for IOMMU\n mappings (bsc#1175898, ECO-2743).\n\n - dma-pool: fix too large DMA pools on medium memory size\n systems (bsc#1175898, ECO-2743).\n\n - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898,\n ECO-2743).\n\n - dma-pool: introduce dma_guess_pool() (bsc#1175898,\n ECO-2743).\n\n - dma-pool: make sure atomic pool suits device\n (bsc#1175898, ECO-2743).\n\n - dma-pool: Only allocate from CMA when in same memory\n zone (bsc#1175898, ECO-2743).\n\n - dma-pool: scale the default DMA coherent pool size with\n memory capacity (bsc#1175898, ECO-2743).\n\n - dma-remap: separate DMA atomic pools from direct remap\n code (bsc#1175898, ECO-2743).\n\n - dm: Call proper helper to determine dax support\n (bsc#1177817).\n\n - dm/dax: Fix table reference counts (bsc#1178246).\n\n - docs: driver-api: remove a duplicated index entry\n 
(git-fixes).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs\n (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one()\n (bsc#1152489).\n\n - eeprom: at25: set minimum read/write access stride to 1\n (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems\n (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector()\n (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find()\n (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path\n (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in\n exfat_find_dir_entry() (git-fixes).\n\n - exfat: fix wrong size update of stream entry by typo\n (git-fixes).\n\n - extcon: ptn5150: Fix usage of atomic GPIO with sleeping\n GPIO chips (git-fixes).\n\n - futex: Adjust absolute futex timeouts with per time\n namespace offset (bsc#1164648).\n\n - futex: Consistently use fshared as boolean\n (bsc#1149032).\n\n - futex: Fix incorrect should_fail_futex() handling\n (bsc#1149032).\n\n - futex: Remove put_futex_key() (bsc#1149032).\n\n - futex: Remove unused or redundant includes\n (bsc#1149032).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY\n (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace\n (networking-stable-20_09_11).\n\n - HID: hid-input: fix stylus battery reporting\n (git-fixes).\n\n - HID: ite: Add USB id match for Acer One S1003 keyboard\n dock (git-fixes).\n\n - HID: roccat: add bounds checking in\n kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad\n / battery (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old\n framebuffer (bsc#1175306).\n\n - i2c: core: Restore acpi_walk_dep_device_list() getting\n called after registering the ACPI i2c devs (git-fixes).\n\n - i2c: imx: Fix external abort on interrupt in exit paths\n (git-fixes).\n\n - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n\n - i3c: master add 
i3c_master_attach_boardinfo to preserve\n boardinfo (git-fixes).\n\n - i3c: master: Fix error return in cdns_i3c_master_probe()\n (git-fixes).\n\n - ibmveth: Identify ingress large send packets\n (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls\n (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943\n git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr\n (bsc#1134760 ltc#177449 git-fixes).\n\n - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - ida: Free allocated bitmap in error path (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be\n iio_shared_by enum (git-fixes).\n\n - iio: adc: gyroadc: fix leak of device node iterator\n (git-fixes).\n\n - iio: adc: stm32-adc: fix runtime autosuspend delay when\n slow polling (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE\n (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by\n enum required (git-fixes).\n\n - ima: Do not ignore errors from crypto_shash_update()\n (git-fixes).\n\n - ima: Remove semicolon at the end of\n ima_get_binary_runtime_size() (git-fixes).\n\n - Input: ati_remote2 - add missing newlines when printing\n module parameters (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in\n imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: stmfts - fix a & vs && typo (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of 
platform_get_irq()\n error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - iomap: Make sure iomap_end is called after iomap_begin\n (bsc#1177754).\n\n - iommu/vt-d: Gracefully handle DMAR units with no\n supported address widths (bsc#1177739).\n\n - ip: fix tos reflection in ack and reset packets\n (networking-stable-20_09_24).\n\n - ipmi_si: Fix wrong return value in try_smi_init()\n (git-fixes).\n\n - ipv4: Initialize flowi4_multipath_hash in data path\n (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to\n xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via\n same device (networking-stable-20_09_24).\n\n - ipv6: avoid lockdep issue in fib6_del()\n (networking-stable-20_09_24).\n\n - ipv6: Fix sysctl max for fib_multipath_hash_policy\n (networking-stable-20_09_11).\n\n - ipvlan: fix device features\n (networking-stable-20_08_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC\n (git-fixes).\n\n - kABI: Fix kABI after add CodeSigning extended key usage\n (bsc#1177353).\n\n - kallsyms: Refactor kallsyms_show_value() to take cred\n (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - KVM: x86/mmu: Commit zap of remaining invalid pages when\n recovering lpages (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server\n faults (bsc#1178177).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition\n (git-fixes).\n\n - mac80211: handle lack of sband->bitrates in rates\n (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints\n (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to\n 
pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak\n (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due\n to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: i2c: ov5640: Enable data pins on poweron for DVP\n mode (git-fixes).\n\n - media: i2c: ov5640: Remain in power down for DVP mode\n unless streaming (git-fixes).\n\n - media: i2c: ov5640: Separate out mipi configuration from\n s_power (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe\n (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: rcar_drif: Allocate v4l2_async_subdev dynamically\n (git-fixes).\n\n - media: rcar_drif: Fix fwnode reference leak when parsing\n DT (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in\n delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to\n v4l2 (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list\n iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having\n any effect (git-fixes).\n\n - media: venus: core: Fix runtime PM imbalance in\n venus_probe (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error\n (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of\n platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - memory: omap-gpmc: Fix build error without CONFIG_OF\n (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() 
(git-fixes).\n\n - mic: vop: copy data to kernel space then write to io\n memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe\n (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid\n kernel panic (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size\n (git-fixes).\n\n - mm: do not panic when links can't be created in sysfs\n (bsc#1178002).\n\n - mm: do not rely on system state to detect hot-plug\n operations (bsc#1178002).\n\n - mm: fix a race during THP splitting (bsc#1178255).\n\n - mm/huge_memory.c: use head to check huge zero page\n (git-fixes (mm/thp)).\n\n - mm: madvise: fix vma user-after-free (git-fixes).\n\n - mm/mempolicy.c: fix out of bounds write in\n mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in\n wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions\n (git-fixes (mm/writeback)).\n\n - mm: replace memmap_context by meminit_context\n (bsc#1178002).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes\n (git-fixes (mm/rmap)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon\n (git-fixes).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics\n (git-fixes (mm/zsmalloc)).\n\n - module: Correctly truncate sysfs sections output\n (git-fixes).\n\n - module: Do not expose section addresses to\n non-CAP_SYSLOG (git-fixes).\n\n - module: Refactor section attr into bin attribute\n (git-fixes).\n\n - module: statically initialize init section freeing data\n (git-fixes).\n\n - Move upstreamed BT patch into sorted section\n\n - mtd: lpddr: Fix bad logic in print_drs_error\n (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang\n (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mtd: rawnand: stm32_fmc2: fix a buffer overflow\n (git-fixes).\n\n - mtd: rawnand: vf610: disable clk on 
error handling path\n in probe (git-fixes).\n\n - mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n\n - mtd: spinand: gigadevice: Only one dummy byte in QUADIO\n (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized\n timer (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context\n (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - mwifiex: Remove unnecessary braces from\n HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - net: bridge: br_vlan_get_pvid_rcu() should dereference\n the VLAN group under RCU (networking-stable-20_09_24).\n\n - net/core: check length before updating Ethertype in\n skb_mpls_(push,pop) (git-fixes).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (networking-stable-20_09_24).\n\n - net: disable netpoll on fresh napis\n (networking-stable-20_09_11).\n\n - net: dsa: b53: check for timeout\n (networking-stable-20_08_24).\n\n - net: dsa: rtl8366: Properly clear member config\n (networking-stable-20_09_24).\n\n - net: fec: correct the error path for regulator disable\n in probe (networking-stable-20_08_24).\n\n - net: Fix bridge enslavement failure\n (networking-stable-20_09_24).\n\n - net: Fix potential wrong skb->protocol in\n skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: hns: Fix memleak in hns_nic_dev_probe\n (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for\n IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - netlabel: fix problems with mapping removal\n (networking-stable-20_09_11).\n\n - net: lantiq: Disable IRQs only if NAPI gets scheduled\n (networking-stable-20_09_24).\n\n - net: lantiq: Use napi_complete_done()\n (networking-stable-20_09_24).\n\n - net: lantiq: use netif_tx_napi_add() for TX NAPI\n (networking-stable-20_09_24).\n\n - net: lantiq: Wake TX queue again\n (networking-stable-20_09_24).\n\n - net/mlx5e: Enable adding peer miss rules only if merged\n eswitch is supported 
(networking-stable-20_09_24).\n\n - net/mlx5e: TLS, Do not expose FPGA TLS counter if not\n supported (networking-stable-20_09_24).\n\n - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n\n - net: mscc: ocelot: fix race condition with TX\n timestamping (bsc#1178461).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is\n unbound (networking-stable-20_09_24).\n\n - net: phy: Do not warn in phy_stop() on PHY_DOWN\n (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket\n (networking-stable-20_08_24).\n\n - net/sched: act_ct: Fix skb double-free in\n tcf_ct_handle_fragments() error flow\n (networking-stable-20_08_24).\n\n - net: sctp: Fix IPv6 ancestor_size calc in\n sctp_copy_descendant (networking-stable-20_09_24).\n\n - net: sctp: Fix negotiation of the number of data streams\n (networking-stable-20_08_24).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump()\n (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe\n (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL\n (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card\n (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when\n set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in\n nl80211_del_key() (git-fixes).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute\n in nfc_genl_fw_download() (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (networking-stable-20_09_24).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources\n (git-fixes).\n\n - ntb: intel: Fix memleak in intel_ntb_pci_probe\n (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected\n (bsc#1174748).\n\n - overflow: Include header file with SIZE_MAX declaration\n (git-fixes).\n\n - p54: 
avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - PCI: aardvark: Check for errors from\n pci_bridge_emul_init() call (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power\n managed by ACPI (git-fixes).\n\n - percpu: fix first chunk size calculation for populated\n bitmap (git-fixes (mm/percpu)).\n\n - perf/x86/amd: Fix sampling Large Increment per Cycle\n events (bsc#1152489).\n\n - perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n\n - pinctrl: mcp23s08: Fix mcp23x17 precious range\n (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser\n (git-fixes).\n\n - PKCS#7: Check codeSigning EKU for kernel module and\n kexec pe verification.\n\n - PKCS#7: Check codeSigning EKU for kernel module and\n kexec pe verification (bsc#1177353).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM\n configuration (git-fixes).\n\n - PM: hibernate: Batch hibernate and resume IO requests\n (bsc#1178079).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on\n link removal (git-fixes).\n\n - powerpc/book3s64/radix: Make radix_mem_block_size 64bit\n (bsc#1055186 ltc#153436 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1\n VSX CI load emulation (bsc#1065729).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration\n (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success\n path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct\n irqaction (bsc#1065729).\n\n - powerpc/papr_scm: Fix warning triggered by\n perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969\n jsc#SLE-12769 git-fixes).\n\n - powerpc/perf/hv-gpci: Fix starting index value\n (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL\n dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL\n error log event (bsc#1065729).\n\n - powerpc/pseries: Avoid using 
addr_to_pfn in real mode\n (jsc#SLE-9246 git-fixes).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb\n list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init()\n (bsc#1065729).\n\n - power: supply: bq27xxx: report 'not charging' on all\n types (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - pwm: img: Fix NULL pointer access in probe (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit\n register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in\n pwm_lpss_prepare() (git-fixes).\n\n - qtnfmac: fix resource leaks on unsupported iftype error\n return path (git-fixes).\n\n - r8169: fix issue with forced threading in combination\n with shared interrupts (git-fixes).\n\n - r8169: fix operation under forced interrupt threading\n (git-fixes).\n\n - rapidio: fix the missed put_device() for\n rio_mport_add_riodev (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - reset: sti: reset-syscfg: fix struct description\n warnings (git-fixes).\n\n - ring-buffer: Return 0 on success from\n ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional\n (bsc#1163592)\n\n - rtc: rx8010: do not modify the global rtc ops\n (git-fixes).\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - rtw88: increse the size of rx buffer size (git-fixes).\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177799 LTC#188733).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177801\n LTC#188735).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe()\n (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of\n transport (bsc#1178166 ltc#188226).\n\n - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA\n allocations (bsc#1175898, ECO-2743).\n\n - sctp: not disable bh in 
the whole sctp_get_port_local()\n (networking-stable-20_09_11).\n\n - selftests/timers: Turn off timeout setting (git-fixes).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - slimbus: core: check get_addr before removing laddr ida\n (git-fixes).\n\n - slimbus: core: do not enter to clock pause mode in core\n (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down\n callback (git-fixes).\n\n - soc: fsl: qbman: Fix return value on success\n (git-fixes).\n\n - spi: spi-s3c64xx: Check return values (git-fixes).\n\n - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and\n s3c64xx_enable_datapath() (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: comedi: check validity of wMaxPacketSize of usb\n endpoints found (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n - staging: rtl8192u: Do not use GFP_KERNEL in atomic\n context (git-fixes).\n\n - taprio: Fix allowing too small intervals\n (networking-stable-20_09_24).\n\n - time: Prevent undefined behaviour in timespec64_to_ns()\n (bsc#1164648).\n\n - tipc: fix memory leak caused by tipc_buf_append()\n (git-fixes).\n\n - tipc: Fix memory leak in tipc_group_create_member()\n (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket\n (networking-stable-20_09_11).\n\n - tipc: fix shutdown() of connection oriented socket\n (networking-stable-20_09_24).\n\n - tipc: fix the skb_unshare() in tipc_buf_append()\n (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()\n (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append()\n (networking-stable-20_09_24).\n\n - tracing: Check return value of __create_val_fields()\n before using its 
result (git-fixes).\n\n - tracing: Save normal string variables (git-fixes).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char\n (git-fixes).\n\n - uio: free uio id after uio file node is freed\n (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices\n (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors\n (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add\n wdm_fsync() (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup\n functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode\n (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer\n prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error\n handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove\n driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests\n (git-fixes).\n\n - usb: dwc3: gadget: Resume pending requests after\n CLEAR_STALL (git-fixes).\n\n - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method\n for PM functionality (git-fixes).\n\n - usb: dwc3: simple: add support for Hikey 970\n (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus\n gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and\n above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as\n well (git-fixes).\n\n - usblp: fix race between disconnect() and read()\n (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection\n (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race\n (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso\n JTAG+UART 
adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card\n (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition\n (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device\n (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing\n (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - usb: xhci-mtk: Fix typo (git-fixes).\n\n - usb: xhci: omit duplicate actions when suspending a\n runtime suspended host (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from\n Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for\n Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on\n HyperV Gen 1 VMs (bsc#1175306).\n\n - VMCI: check return value of get_user_pages_fast() for\n errors (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to\n bus error (git-fixes).\n\n - watchdog: Fix memleak in watchdog_cdev_register\n (git-fixes).\n\n - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3\n (git-fixes).\n\n - watchdog: Use put_device on error (git-fixes).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate\n wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time\n processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock\n (bsc#1177755).\n\n - X.509: Add CodeSigning extended key usage parsing\n (bsc#1177353).\n\n - x86/alternative: Do not call text_poke() in lazy TLB\n mode (bsc#1175749).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter\n (bsc#1152489).\n\n - x86/ioapic: Unbreak check_timer() (bsc#1152489).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot\n params (bsc#1175306).\n\n - x86/(mce,mm): Unmap the entire page if the whole page is\n affected and poisoned (bsc#1177765).\n\n - x86/mm: 
unencrypted non-blocking DMA allocations use\n coherent pools (bsc#1175898, ECO-2743).\n\n - x86/xen: disable Firmware First mode for correctable\n memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework\n (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent\n unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while\n handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332\n bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of\n events (XSA-332 bsc#1177411).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332\n bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model\n (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event\n channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pvcallsback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xfs: complain if anyone tries to create a too-large\n buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix high key handling in the rt allocator's\n query_range function (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt\n device (git-fixes).\n\n - xfs: fix xfs_bmap_validate_extent_raw when checking attr\n fork of rt files (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: force the log after remapping a synchronous-writes\n file (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: limit entries returned when counting fsmap records\n (git-fixes).\n\n - xfs: 
remove unused variable 'done' (bsc#1166166).\n\n - xfs: set xefi_discard when creating a deferred agfl free\n log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the\n end of the page cache (bsc#1166166).\n\n - xhci: do not create endpoint debugfs entry before ring\n buffer is set (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1164648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177411\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178002\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178393\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-debug-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-obs-qa-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T15:36:18", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. 
The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es): A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285) A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386) Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. (CVE-2019-0147) A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212) A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability. (CVE-2020-14385) In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product:\n Android Versions: Android kernel Android ID:\n A-111893654 References: Upstream kernel (CVE-2020-0404) The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284) A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system availability. (CVE-2020-14314)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0147", "CVE-2020-0404", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2166.NASL", "href": "https://www.tenable.com/plugins/nessus/141332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141332);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2019-0147\",\n 
\"CVE-2020-0404\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A race condition between\n hugetlb sysctl handlers in mm/hugetlb.c in the Linux\n kernel before 5.8.8 could be used by local attackers to\n corrupt memory, cause a NULL pointer dereference, or\n possibly have unspecified other impact, aka\n CID-17743798d812.(CVE-2020-25285)A flaw was found in\n the Linux kernel before 5.9-rc4. Memory corruption can\n be exploited to gain root privileges from unprivileged\n processes. 
The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)Insufficient input validation\n in i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)A TOCTOU\n mismatch in the NFS client code in the Linux kernel\n before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)In uvc_scan_chain_forward\n of uvc_driver.c, there is a possible linked list\n corruption due to an unusual root cause. This could\n lead to local escalation of privilege in the kernel\n with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream\n kernel(CVE-2020-0404)The rbd block device driver in\n drivers/block/rbd.c in the Linux kernel through 5.8.9\n used incomplete permission checking for access to rbd\n devices, which could be leveraged by local attackers to\n map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds\n read flaw was found in the Linux kernel before 5.9-rc2\n with the ext3/ext4 file system, in the way it accesses\n a directory with broken indexing. 
This flaw allows a\n local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14314)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2166\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af285e64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-13T15:21:43", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5879 advisory.\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. (CVE-2019-19965)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.\n (CVE-2017-8925)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. 
The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. (CVE-2017-8924)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5879)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10905", "CVE-2017-8924", "CVE-2017-8925", "CVE-2019-19073", "CVE-2019-19965", "CVE-2019-20054", "CVE-2020-14314", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.50.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.50.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5879.NASL", "href": "https://www.tenable.com/plugins/nessus/141367", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory 
ELSA-2020-5879.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141367);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-10905\",\n \"CVE-2017-8924\",\n \"CVE-2017-8925\",\n \"CVE-2019-19073\",\n \"CVE-2019-19965\",\n \"CVE-2019-20054\",\n \"CVE-2020-14314\",\n \"CVE-2020-25285\"\n );\n script_bugtraq_id(98451, 98462);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5879)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5879 advisory.\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - In the Linux kernel through 5.4.6, there is a NULL pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related\n to a PHY down race condition, aka CID-f70267f379b5. (CVE-2019-19965)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by\n the functions gfs2_clear_rgrpd and read_rindex_entry. 
(CVE-2016-10905)\n\n - The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local\n users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.\n (CVE-2017-8925)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows\n local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer\n underflow. (CVE-2017-8924)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5879.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10905\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.50.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.50.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.50.1.el6uek', '3.8.13-118.50.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5879');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.50.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.50.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.50.1.el6uek', 'cpu':'x86_64', 'release':'6', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.50.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.50.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.50.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.50.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.50.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.50.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.50.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.50.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.50.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.50.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.50.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.50.1.el6uek / dtrace-modules-3.8.13-118.50.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:37", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between 
hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3272-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0430", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-8694"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", 
"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3272-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3272-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143809);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0430\", \"CVE-2020-14351\", \"CVE-2020-16120\", \"CVE-2020-25285\", \"CVE-2020-25656\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-8694\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3272-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open()\n(bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused\ndenial of 
service of Dom0 via high frequency events (XSA-332\nbsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may\ncrash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2020-0430/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27675/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8694/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203272-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61b1893a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3272=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3272=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3272=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-3272=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3272=1\n\nSUSE Linux Enterprise High Availability 15-SP1 
:\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3272=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14351\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", 
reference:\"kernel-obs-build-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.67.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.67.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:25:17", "description": "The version of kernel installed on the remote host is prior to 5.4.68-34.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-016 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. 
A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
(CVE-2020-25641)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19448", "CVE-2019-19770", "CVE-2020-12888", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64"], "id": "AL2_ALASKERNEL-5_4-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/160437", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160437);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2019-19448\",\n \"CVE-2019-19770\",\n \"CVE-2020-12888\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon 
Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.68-34.125. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-016 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some\n operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in\n fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to\n a right data structure. (CVE-2019-19448)\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. 
The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. 
(CVE-2020-25641)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-19448.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-19770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-12888.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-14314.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-14385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-14390.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25212.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25641.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2019-19448\", \"CVE-2019-19770\", \"CVE-2020-12888\", \"CVE-2020-14314\", \"CVE-2020-14385\", \"CVE-2020-14390\", \"CVE-2020-25212\", \"CVE-2020-25284\", \"CVE-2020-25285\", \"CVE-2020-25641\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-016\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.68-34.125.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.68-34.125.amzn2', 'cpu':'aarch64', 
'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = 
package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:41:12", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4660-1 advisory.\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. 
(CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. 
Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-4788"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-lowlatency"], "id": "UBUNTU_USN-4660-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143445", "sourceData": "##\n# 
(C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4660-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143445);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-4788\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25211\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-28915\"\n );\n script_xref(name:\"USN\", value:\"4660-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4660-1 advisory.\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. 
(CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. 
Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4660-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! 
get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-126',\n 'generic-lpae': '4.15.0-126',\n 'lowlatency': '4.15.0-126',\n 'oracle': '4.15.0-1059',\n 'aws': '4.15.0-1088',\n 'azure': '4.15.0-1100'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-126',\n 'generic-lpae': '4.15.0-126',\n 'lowlatency': '4.15.0-126',\n 'oracle': '4.15.0-1059',\n 'gke': '4.15.0-1074',\n 'raspi2': '4.15.0-1074',\n 'kvm': '4.15.0-1079',\n 'aws': '4.15.0-1088',\n 'snapdragon': '4.15.0-1091',\n 'azure': '4.15.0-1100',\n 'oem': '4.15.0-1103'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + 
kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4660-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-4788', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25211', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25641', 'CVE-2020-25643', 'CVE-2020-25645', 'CVE-2020-28915');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4660-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:49:23", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. 
Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file (bsc#1177470).\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3513-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0430", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3513-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3513-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143802);\n 
script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0430\",\n \"CVE-2020-8694\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-16120\",\n \"CVE-2020-25285\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3513-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in\nwas found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. 
Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-8694: Insufficient access control for some Intel(R)\nProcessors may have allowed an authenticated user to potentially\nenable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed permission check to open real file when using\noverlayfs. It was possible to have a file not readable by an\nunprivileged user be copied to a mountpoint controlled by that user\nand then be able to access the file (bsc#1177470).\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets\naka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173432\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0430/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203513-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa21136a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3513=1\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", 
reference:\"kernel-rt_debug-devel-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.41.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.41.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:49:05", "description": "The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).\n\nCVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).\n\nCVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-27673: Fixed an issue where
rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3281-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0430", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-25212", "CVE-2020-25285", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-27675"], "modified": "2021-04-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3281-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3281-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143773);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-0430\", \"CVE-2020-12351\", \"CVE-2020-12352\", \"CVE-2020-14351\", \"CVE-2020-16120\", \"CVE-2020-25212\", 
\"CVE-2020-25285\", \"CVE-2020-25645\", \"CVE-2020-25656\", \"CVE-2020-27673\", \"CVE-2020-27675\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3281-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open()\n(bsc#1177470).\n\nCVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops\nfilter addition (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code\n(bnc#1176381).\n\nCVE-2020-25645: Fixed an an issue in IPsec that caused traffic between\ntwo Geneve endpoints to be unencrypted (bnc#1177511).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused\ndenial of service of Dom0 via high frequency events (XSA-332\nbsc#1177411)\n\nCVE-2020-27675: Fixed a race condition in event handler which may\ncrash dom0 (XSA-331 bsc#1177410).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176946\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178234\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0430/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27675/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203281-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d0a219f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 
:\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3281=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:49:06", "description": "The SUSE Linux Enterprise 15 SP2 realtime kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. 
Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n\nCVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file (bsc#1177470).\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth (bsc#1177726).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon (bsc#1178589)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-24490", "CVE-2020-25285", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143780", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3522-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143780);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-8694\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-16120\",\n \"CVE-2020-24490\",\n \"CVE-2020-25285\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3522-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 realtime kernel was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25705: A flaw in the way reply ICMP packets are limited in\nwas found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-8694: Insufficient access control for some Intel(R)\nProcessors may have allowed an authenticated user to potentially\nenable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed permission check to open real file when using\noverlayfs. 
It was possible to have a file not readable by an\nunprivileged user be copied to a mountpoint controlled by that user\nand then be able to access the file (bsc#1177470).\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets\naka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' (bsc#1177725).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-24490: Fixed a heap buffer overflow when processing extended\nadvertising report events aka 'BleedingTooth (bsc#1177726).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon (bsc#1178589)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129923\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177090\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12351/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-12352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-24490/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25656/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203522-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e00b706\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-3522=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", 
sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:57", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1437 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. 
(CVE-2020-12888)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. 
(CVE-2020-26088)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2020-1437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19448", "CVE-2020-12888", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/141961", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1437.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141961);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-19448\",\n \"CVE-2020-12888\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-26088\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1437\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2020-1437)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1437 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some\n operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in\n fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to\n a right data structure. (CVE-2019-19448)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. 
(CVE-2020-14390)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. 
Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2\n could be used by local attackers to create raw sockets, bypassing security mechanisms, aka\n CID-26896f01467a. (CVE-2020-26088)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1437.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26088\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19448\", \"CVE-2020-12888\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-14390\", \"CVE-2020-25212\", \"CVE-2020-25284\", \"CVE-2020-25285\", \"CVE-2020-25641\", \"CVE-2020-25643\", \"CVE-2020-25645\", \"CVE-2020-26088\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1437\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n 
{'reference':'kernel-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-i686-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:24:50", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5885 advisory.\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\n - A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. 
The highest threat from this vulnerability is to confidentiality. (CVE-2020-10767)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. (CVE-2019-18885)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. 
(CVE-2020-16166)\n\n - An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. (CVE-2018-20669)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-18885", "CVE-2019-3874", "CVE-2020-10767", "CVE-2020-10781", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14386", "CVE-2020-16166", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5885.NASL", "href": "https://www.tenable.com/plugins/nessus/141396", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5885.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141396);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-3874\",\n \"CVE-2019-18885\",\n \"CVE-2020-10767\",\n \"CVE-2020-10781\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14386\",\n \"CVE-2020-16166\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n script_bugtraq_id(106748, 107488);\n\n 
script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5885 advisory.\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An\n attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are\n believed to be vulnerable. (CVE-2019-3874)\n\n - A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect\n Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the\n Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to\n perform a Spectre V2 style attack when this configuration is active. The highest threat from this\n vulnerability is to confidentiality. (CVE-2020-10767)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer\n dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka\n CID-09ba3bc9dd15. 
(CVE-2019-18885)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local\n account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in\n the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the\n creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large\n amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random\n userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive\n information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\n - An issue where a provided address with access_ok() is not checked was discovered in\n i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through\n 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory,\n resulting in a Denial of Service or privilege escalation. (CVE-2018-20669)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest threat from this vulnerability is to data\n confidentiality and integrity. (CVE-2020-14386)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. 
This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5885.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/23\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2025.401.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5885');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2025.401.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.401.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.401.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.401.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2025.401.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2025.401.4.el7uek', 
'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.401.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2025.401.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if 
(!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-29T15:04:34", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4912-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. 
This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. 
(CVE-2020-25645)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 
(CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0423", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25285", "CVE-2020-25645", "CVE-2020-25669", "CVE-2020-27830", "CVE-2020-36158", "CVE-2021-20194", "CVE-2021-29154", "CVE-2021-3178", "CVE-2021-3411"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1053-oem"], "id": "UBUNTU_USN-4912-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148494", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4912-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148494);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2020-0423\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25285\",\n \"CVE-2020-25645\",\n \"CVE-2020-25669\",\n \"CVE-2020-27830\",\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3411\",\n \"CVE-2021-20194\",\n \"CVE-2021-29154\"\n );\n script_xref(name:\"USN\", value:\"4912-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4912-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could\n lead to local escalation of privilege in the kernel with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic\n error. 
This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. 
(CVE-2020-25645)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 
(CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4912-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1053-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! 
get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.6.0': {\n 'oem': '5.6.0-1053'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4912-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-0423', 'CVE-2020-0465', 'CVE-2020-0466', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25285', 'CVE-2020-25645', 'CVE-2020-25669', 'CVE-2020-27830', 'CVE-2020-36158', 'CVE-2021-3178', 'CVE-2021-3411', 'CVE-2021-20194', 'CVE-2021-29154');\n if (ksplice_cves_check(cve_list))\n {\n 
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4912-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:46:58", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-24490)A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)A missing CAP_NET_RAW check in NFC socket creation in netfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)perf:\n Fix race in perf_mmap_close function(CVE-2020-14351)A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. 
This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7837", "CVE-2020-0432", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-24490", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2311.NASL", "href": "https://www.tenable.com/plugins/nessus/142148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142148);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2020-0432\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-24490\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-26088\"\n );\n\n 
script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An information leak flaw\n was found in the way the Linux kernel's Bluetooth stack\n implementation handled initialization of stack memory\n when handling certain AMP packets. A remote attacker in\n adjacent range could use this flaw to leak small\n portions of stack memory on the system by sending a\n specially crafted AMP packets. The highest threat from\n this vulnerability is to data\n confidentiality.(CVE-2020-12352)A flaw was found in the\n way the Linux kernel Bluetooth implementation handled\n L2CAP packets with A2MP CID. A remote attacker in\n adjacent range could use this flaw to crash the system\n causing denial of service or potentially execute\n arbitrary code on the system by sending a specially\n crafted L2CAP packet. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-12351)A heap\n buffer overflow flaw was found in the way the Linux\n kernel's Bluetooth implementation processed extended\n advertising report events. This flaw allows a remote\n attacker in an adjacent range to crash the system,\n causing a denial of service or to potentially execute\n arbitrary code on the system by sending a specially\n crafted Bluetooth packet. 
The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-24490)A flaw was found\n in the Linux kernel in versions before 5.9-rc7. Traffic\n between two Geneve endpoints may be unencrypted when\n IPsec is configured to encrypt traffic for the specific\n UDP port used by the GENEVE tunnel allowing anyone\n between the two endpoints to read the traffic\n unencrypted. The main threat from this vulnerability is\n to data confidentiality.(CVE-2020-25645)A flaw was\n found in the Linux kernel's implementation of the\n invert video code on VGA consoles when a local attacker\n attempts to resize the console, calling an ioctl\n VT_RESIZE, which causes an out-of-bounds write to\n occur. This flaw allows a local user with access to the\n VGA console to crash the system, potentially escalating\n their privileges on the system. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-14331)A missing CAP_NET_RAW\n check in NFC socket creation in netfc/rawsock.c in the\n Linux kernel before 5.8.2 could be used by local\n attackers to create raw sockets, bypassing security\n mechanisms, aka CID-26896f01467a.(CVE-2020-26088)perf:\n Fix race in perf_mmap_close function(CVE-2020-14351)A\n flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)A flaw\n was found in the HDLC_PPP module of the Linux kernel in\n versions before 5.9-rc7. Memory corruption and a read\n overflow is caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. 
The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-25643)The Linux kernel, as used\n in Red Hat Enterprise Linux 7, kernel-rt, and\n Enterprise MRG 2 and when booted with UEFI Secure Boot\n enabled, allows local users to bypass intended\n securelevel/secureboot restrictions by leveraging\n improper handling of secure_boot flag across kexec\n reboot.(CVE-2015-7837)A flaw was found in the Linux\n kernel's implementation of biovecs in versions before\n 5.9-rc7. A zero-length biovec request issued by the\n block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allows a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. The highest threat from this vulnerability is\n to system availability.(CVE-2020-25641)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)In skb_to_mamac of\n networking.c, there is a possible out of bounds write\n due to an integer overflow. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID:\n A-143560807(CVE-2020-0432)get_gate_page in mm/gup.c in\n the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows\n privilege escalation because of incorrect reference\n counting (caused by gate page mishandling) of the\n struct page that backs the vsyscall page. The result is\n a refcount underflow. 
This can be triggered by any\n 64-bit process that can use ptrace() or\n process_vm_readv(), aka\n CID-9fa2dd946743.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d2e51dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< 
cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:50", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. 
(CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 (CVE-2021-0605)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. 
When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - A flaw was found in the Linux kernel in versions before 5.12. 
The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.\n (CVE-2021-3501)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2022-0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0466", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-26541", "CVE-2020-28374", "CVE-2021-0605", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3347", "CVE-2021-33909", "CVE-2021-3501"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:bpftool", "p-cpe:/a:zte:cgsl_main:bpftool-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-core", "p-cpe:/a:zte:cgsl_main:kernel-cross-headers", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-core", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debug-modules", "p-cpe:/a:zte:cgsl_main:kernel-debug-modules-extra", "p-cpe:/a:zte:cgsl_main:kernel-debug-modules-internal", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-ipaclones-internal", "p-cpe:/a:zte:cgsl_main:kernel-modules", "p-cpe:/a:zte:cgsl_main:kernel-modules-extra", "p-cpe:/a:zte:cgsl_main:kernel-modules-internal", "p-cpe:/a:zte:cgsl_main:kernel-selftests-internal", "p-cpe:/a:zte:cgsl_main:kernel-sign-keys", 
"p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python3-perf", "p-cpe:/a:zte:cgsl_main:python3-perf-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160868", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0059. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160868);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0466\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-26541\",\n \"CVE-2020-28374\",\n \"CVE-2021-0605\",\n \"CVE-2021-3347\",\n \"CVE-2021-3501\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-32399\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2022-0059)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic\n error. 
This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. 
This\n could lead to local information disclosure in the kernel with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476\n (CVE-2021-0605)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - An issue was discovered in the Linux kernel through 5.10.11. 
PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer\n allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an\n unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API,\n is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-\n of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.\n (CVE-2021-3501)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0059\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0466\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://security.gd-linux.com/info/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-32399\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3501\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:zte:cgsl_main:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-modules-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-ipaclones-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-modules-internal\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-selftests-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'bpftool-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-abi-whitelists-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-cross-headers-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-core-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-modules-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debuginfo-common-x86_64-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 
'kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-ipaclones-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-selftests-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-sign-keys-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-libs-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'perf-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'python3-perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:46:36", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\n - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 
'BadVibes' (bsc#1177726).\n\n - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).\n\n - CVE-2020-25212: A TOCTOU mismatch in the NFS client code in the Linux kernel could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).\n\n - CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511).\n\n - CVE-2020-25643: Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206).\n\n - CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service.
The highest threat from this vulnerability is to system availability (bnc#1177121).\n\n - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123).\n\n - CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766).\n\n - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel that could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086).\n\n - CVE-2020-8694: Restrict energy meter to root access (bsc#1170415).\n\n - CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470).\n\n - CVE-2020-25705: An ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe following non-security bugs were fixed :\n\n - 9p: Fix memory leak in v9fs_mount (git-fixes).\n\n - ACPI: Always build evged in (git-fixes).\n\n - ACPI: button: fix handling lid state changes when input device closed (git-fixes).\n\n - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).\n\n - ACPI: EC: Reference count query handlers under lock (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n\n - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).\n\n - Add CONFIG_CHECK_CODESIGN_EKU\n\n - airo: Fix read overflows sending packets (git-fixes).\n\n - ALSA: ac97: (cosmetic) align argument names (git-fixes).\n\n - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n
- ALSA: asihpi: fix spellint typo in comments (git-fixes).\n\n - ALSA: atmel: ac97: clarify operator precedence (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read() (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).\n\n - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).\n\n - ALSA: hda: (cosmetic) align function parameters (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n\n - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes).\n\n - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n\n - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).\n\n - ALSA: hdspm: Fix typo arbitary (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).\n\n - ALSA: portman2x4: fix repeated word 'if' 
(git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).\n\n - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).\n\n - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes).\n\n - ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).\n\n - ALSA: vx: vx_core: clarify operator precedence (git-fixes).\n\n - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).\n\n - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).\n\n - arm64: Enable PCI write-combine resources under sysfs (bsc#1175807).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes).\n\n - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes).\n\n - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n\n - ASoC: kirkwood: fix IRQ error handling (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n\n - 
ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes).\n\n - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).\n\n - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes).\n\n - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes).\n\n - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: fix array out-of-bounds access (git-fixes).\n\n - ath10k: fix memory leak for tpc_stats_final (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n\n - ath10k: provide survey info as accumulated data (git-fixes).\n\n - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n\n - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).\n\n - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized (bsc#1177749).\n\n - block: Fix page_is_mergeable() for compound pages (bsc#1177814).\n\n - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes).\n\n - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb 
(git-fixes).\n\n - Bluetooth: Fix refcount use-after-free issue (git-fixes).\n\n - Bluetooth: guard against controllers sending zero'd events (git-fixes).\n\n - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).\n\n - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).\n\n - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes).\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking (git-fixes).\n\n - Bluetooth: prefetch channel before killing sock (git-fixes).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes).\n\n - bonding: show saner speed for broadcast mode (networking-stable-20_08_24).\n\n - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).\n\n - btrfs: Account for merged patches upstream Move below patches to sorted section.\n\n - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854).\n\n - btrfs: allocate scrub workqueues outside of locks (bsc#1178183).\n\n - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019).\n\n - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).\n\n - btrfs: block-group: refactor how we delete one block group item (bsc#1176019).\n\n - btrfs: block-group: refactor how we insert a block group item (bsc#1176019).\n\n - btrfs: block-group: refactor how we read one block group item (bsc#1176019).\n\n - btrfs: block-group: rename write_one_cache_group() (bsc#1176019).\n\n - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: do not force read-only after error in drop snapshot 
(bsc#1176354).\n\n - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).\n\n - btrfs: do not take an extra root ref at allocation time (bsc#1176019).\n\n - btrfs: drop logs when we've aborted a transaction (bsc#1176019).\n\n - btrfs: drop path before adding new uuid tree entry (bsc#1178176).\n\n - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019).\n\n - Btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019).\n\n - btrfs: fix filesystem corruption after a device replace (bsc#1178395).\n\n - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).\n\n - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).\n\n - btrfs: fix race between page release and a fast fsync (bsc#1177687).\n\n - btrfs: fix space cache memory leak after transaction abort (bsc#1178173).\n\n - btrfs: free block groups after free'ing fs trees (bsc#1176019).\n\n - btrfs: hold a ref on the root on the dead roots list (bsc#1176019).\n\n - btrfs: kill the subvol_srcu (bsc#1176019).\n\n - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019).\n\n - btrfs: make inodes hold a ref on their roots (bsc#1176019).\n\n - btrfs: make the extent buffer leak check per fs info (bsc#1176019).\n\n - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395).\n\n - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395).\n\n - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019).\n\n - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019).\n\n - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019).\n\n - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).\n\n - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations 
(bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).\n\n - btrfs: reduce contention on log trees when logging checksums (bsc#1177687).\n\n - btrfs: release old extent maps during page release (bsc#1177687).\n\n - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019).\n\n - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).\n\n - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019).\n\n - btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n\n - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019).\n\n - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n\n - btrfs: set the correct lockdep class for new nodes (bsc#1178184).\n\n - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).\n\n - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).\n\n - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).\n\n - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n\n - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes).\n\n - can: flexcan: remove 
FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).\n\n - ceph: promote to unsigned long long before shifting (bsc#1178175).\n\n - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name (git-fixes).\n\n - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes).\n\n - clk: meson: g12a: mark fclk_div2 as critical (git-fixes).\n\n - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).\n\n - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes).\n\n - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes).\n\n - clk: tegra: Always program PLL_E when enabled (git-fixes).\n\n - clk/ti/adpll: allocate room for terminating null (git-fixes).\n\n - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes).\n\n - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes).\n\n - cpuidle: Poll for a minimum of 30ns and poll for a tick if lower c-states are disabled (bnc#1176588).\n\n - create Storage / NVMe subsection\n\n - crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes).\n\n - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).\n\n - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - crypto: dh - check 
validity of Z before export (bsc#1175718).\n\n - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).\n\n - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).\n\n - crypto: ecdh - check validity of Z before export (bsc#1175718).\n\n - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).\n\n - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).\n\n - crypto: picoxcell - Fix potential race condition bug (git-fixes).\n\n - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes).\n\n - cxgb4: fix memory leak during module unload (networking-stable-20_09_24).\n\n - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24).\n\n - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).\n\n - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).\n\n - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817).\n\n - Disable module compression on SLE15 SP2 (bsc#1178307)\n\n - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743).\n\n - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n\n - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743).\n\n - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743).\n\n - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743).\n\n - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743).\n\n - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743).\n\n - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, 
ECO-2743).\n\n - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: remove the dma_handle argument to\n __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).\n\n - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes).\n\n - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).\n\n - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes).\n\n - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes).\n\n - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes).\n\n - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes).\n\n - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).\n\n - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes).\n\n - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743).\n\n - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743).\n\n - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).\n\n - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743).\n\n - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743).\n\n - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743).\n\n - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).\n\n - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743).\n\n - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).\n\n - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743).\n\n - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).\n\n - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).\n\n - dma-pool: Fix an uninitialized variable bug in 
atomic_pool_expand() (bsc#1175898, ECO-2743).\n\n - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743).\n\n - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743).\n\n - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743).\n\n - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743).\n\n - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).\n\n - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743).\n\n - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743).\n\n - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743).\n\n - dm: Call proper helper to determine dax support (bsc#1177817).\n\n - dm/dax: Fix table reference counts (bsc#1178246).\n\n - docs: driver-api: remove a duplicated index entry (git-fixes).\n\n - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n\n - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes).\n\n - drm/radeon: revert 'Prefer lower feedback dividers' (bsc#1177384).\n\n - drop Storage / bsc#1171688 subsection No effect on expanded tree.\n\n - e1000: Do not perform reset in reset_task if we are already down (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489).\n\n - eeprom: at25: set minimum read/write access stride to 1 (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find() (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n\n - exfat: fix wrong size update of stream entry by 
typo (git-fixes).\n\n - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes).\n\n - ftrace: Move RCU is watching check after recursion check (git-fixes).\n\n - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193).\n\n - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).\n\n - futex: Consistently use fshared as boolean (bsc#1149032).\n\n - futex: Fix incorrect should_fail_futex() handling (bsc#1149032).\n\n - futex: Remove put_futex_key() (bsc#1149032).\n\n - futex: Remove unused or redundant includes (bsc#1149032).\n\n - gpio: mockup: fix resource leak in error path (git-fixes).\n\n - gpio: rcar: Fix runtime PM imbalance on error (git-fixes).\n\n - gpio: siox: explicitly support only threaded irqs (git-fixes).\n\n - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes).\n\n - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).\n\n - HID: hid-input: fix stylus battery reporting (git-fixes).\n\n - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).\n\n - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).\n\n - hwmon: (applesmc) check status earlier (git-fixes).\n\n - hwmon: (mlxreg-fan) Fix double 'Mellanox' (git-fixes).\n\n - hwmon: (pmbus/max34440) Fix status register reads for MAX344(51,60,61) (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n\n - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes).\n\n - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes).\n\n - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs 
(git-fixes).\n\n - i2c: cpm: Fix i2c_ram structure (git-fixes).\n\n - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes).\n\n - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).\n\n - i2c: meson: fix clock setting overwrite (git-fixes).\n\n - i2c: meson: fixup rate calculation with filter delay (git-fixes).\n\n - i2c: owl: Clear NACK and BUS error bits (git-fixes).\n\n - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n\n - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes).\n\n - i2c: tegra: Restore pinmux on system resume (git-fixes).\n\n - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes).\n\n - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes).\n\n - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).\n\n - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - ida: Free allocated bitmap in error path (git-fixes).\n\n - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).\n\n - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).\n\n - iio: adc: gyroadc: fix leak of device node iterator (git-fixes).\n\n - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes).\n\n - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).\n\n - iio:gyro:itg3200: Fix 
timestamp alignment and prevent data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).\n\n - ima: Do not ignore errors from crypto_shash_update() (git-fixes).\n\n - ima: extend boot_aggregate with kernel measurements (bsc#1177617).\n\n - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).\n\n - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532).\n\n - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: stmfts - fix a & vs && typo (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).\n\n - Input: trackpoint - enable Synaptics trackpoints (git-fixes).\n\n - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).\n\n - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).\n\n - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297).\n\n - iommu/amd: Fix potential @entry null deref (bsc#1177283).\n\n - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284).\n\n - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285).\n\n - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286).\n\n - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).\n\n - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739).\n\n - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).\n\n - ipmi_si: Fix wrong return value in try_smi_init() (git-fixes).\n\n - ipv4: Initialize 
flowi4_multipath_hash in data path (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24).\n\n - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24).\n\n - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11).\n\n - ipvlan: fix device features (networking-stable-20_08_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).\n\n - kabi fix for NFS: Fix flexfiles read failover (git-fixes).\n\n - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353).\n\n - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).\n\n - kabi/severities: ignore kABI for target_core_rbd Match behaviour for all other Ceph specific modules.\n\n - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar excludes for .kernel-binary.spec.buildenv\n\n - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.\n\n - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n\n - leds: mlxreg: Fix possible buffer overflow (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - libceph-add-support-for-CMPEXT-compare-extent-reques.pat ch: (bsc#1177090).\n\n - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).\n\n - lib/mpi: Add mpi_sub_ui() (bsc#1175718).\n\n - locking/rwsem: Disable reader optimistic spinning (bnc#1176588).\n\n - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).\n\n - mac80211: 
handle lack of sband->bitrates in rates (git-fixes).\n\n - mac80211: skip mpath lookup also for control port tx (git-fixes).\n\n - mac802154: tx: fix use-after-free (git-fixes).\n\n - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error (git-fixes).\n\n - media: camss: Fix a reference count leak (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).\n\n - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes).\n\n - media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).\n\n - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe (git-fixes).\n\n - media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes).\n\n - media: omap3isp: Fix memleak in isp_probe (git-fixes).\n\n - media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes).\n\n - media: platform: fcp: Fix a reference count leak (git-fixes).\n\n - media: platform: Improve queue set up flow for bug fixing (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).\n\n - media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes).\n\n - media: rcar_drif: Allocate 
v4l2_async_subdev dynamically (git-fixes).\n\n - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).\n\n - media: rcar-vin: Fix a reference count leak (git-fixes).\n\n - media: rc: do not access device via sysfs after rc_unregister_device() (git-fixes).\n\n - media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes).\n\n - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes).\n\n - media: rockchip/rga: Fix a reference count leak (git-fixes).\n\n - media: s5p-mfc: Fix a reference count leak (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: smiapp: Fix error handling at NVM reading (git-fixes).\n\n - media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes).\n\n - media: st-delta: Fix reference count leak in delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: stm32-dcmi: Fix a reference count leak (git-fixes).\n\n - media: tc358743: cleanup tc358743_cec_isr (git-fixes).\n\n - media: tc358743: initialize variable (git-fixes).\n\n - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).\n\n - media: ti-vpe: Fix a missing check and reference count leak (git-fixes).\n\n - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n\n - media: usbtv: Fix refcounting mixup (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n\n - media: uvcvideo: Set media controller entity functions (git-fixes).\n\n - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).\n\n - media: v4l2-async: Document asd allocation requirements (git-fixes).\n\n - media: venus: core: Fix runtime PM imbalance in 
venus_probe (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes).\n\n - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).\n\n - mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init), bsc#1177697).\n\n - mmc: core: do not set limits.discard_granularity as 0 (git-fixes).\n\n - mmc: core: Rework wp-gpio handling (git-fixes).\n\n - mm, compaction: fully assume capture is not NULL in compact_zone_order() (git fixes (mm/compaction), bsc#1177681).\n\n - mm, compaction: make capture control handling safe wrt interrupts (git fixes (mm/compaction), bsc#1177681).\n\n - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mmc: sdhci: Add LTR support for some Intel BYT based controllers (git-fixes).\n\n - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).\n\n - mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)).\n\n - mm: do not panic when links can't be created in sysfs (bsc#1178002).\n\n - mm: do not rely on system state to detect hot-plug operations (bsc#1178002).\n\n - mm: fix a race during THP splitting (bsc#1178255).\n\n - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).\n\n - mm: initialize deferred pages with interrupts enabled (git fixes (mm/init), bsc#1177697).\n\n - mm: 
madvise: fix vma user-after-free (git-fixes).\n\n - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#1177694).\n\n - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/migrate.c: also overwrite error when it is bigger than zero (git fixes (mm/move_pages), bsc#1177683).\n\n - mm: move_pages: report the number of non-attempted pages (git fixes (mm/move_pages), bsc#1177683).\n\n - mm: move_pages: return valid node id in status if the page is already on the target node (git fixes (mm/move_pages), bsc#1177683).\n\n - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init (git fixes (mm/init), bsc#1177697).\n\n - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).\n\n - mm: replace memmap_context by meminit_context (bsc#1178002).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).\n\n - mm, slab/slub: improve error reporting and overhead of cache_from_obj() (mm/slub bsc#1165692).\n\n - mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692).\n\n - mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#1165692).\n\n - mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#1165692).\n\n - mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692).\n\n - mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692).\n\n - mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692).\n\n - mm, slub: make remaining slub_debug related attributes read-only (mm/slub bsc#1165692).\n\n - mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#1165692).\n\n - mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692).\n\n - mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692).\n\n - mm/swapfile.c: fix potential memory 
leak in sys_swapon (git-fixes).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).\n\n - module: Correctly truncate sysfs sections output (git-fixes).\n\n - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).\n\n - module: Refactor section attr into bin attribute (git-fixes).\n\n - module: statically initialize init section freeing data (git-fixes).\n\n - Move upstreamed BT patch into sorted section\n\n - Move upstreamed intel-vbtn patch into sorted section\n\n - mt76: add missing locking around ampdu action (git-fixes).\n\n - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes).\n\n - mt76: do not use devm API for led classdev (git-fixes).\n\n - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes).\n\n - mt76: fix LED link time failure (git-fixes).\n\n - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes).\n\n - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes).\n\n - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes).\n\n - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes).\n\n - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes).\n\n - mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n\n - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN 
group under RCU (networking-stable-20_09_24).\n\n - net/core: check length before updating Ethertype in skb_mpls_(push,pop) (git-fixes).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24).\n\n - net: disable netpoll on fresh napis (networking-stable-20_09_11).\n\n - net: dsa: b53: check for timeout (networking-stable-20_08_24).\n\n - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24).\n\n - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24).\n\n - net: Fix bridge enslavement failure (networking-stable-20_09_24).\n\n - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - netlabel: fix problems with mapping removal (networking-stable-20_09_11).\n\n - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24).\n\n - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24).\n\n - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24).\n\n - net: lantiq: Wake TX queue again (networking-stable-20_09_24).\n\n - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24).\n\n - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24).\n\n - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n\n - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).\n\n - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24).\n\n - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes).\n\n - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).\n\n - 
net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24).\n\n - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24).\n\n - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).\n\n - nfp: use correct define to return NONE fec (networking-stable-20_09_24).\n\n - nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes).\n\n - NFS: Do not move layouts to plh_return_segs list while in use (git-fixes).\n\n - NFS: Do not return layout segments that are in use (git-fixes).\n\n - nfs: ensure correct writeback errors are returned on close() (git-fixes).\n\n - NFS: Fix flexfiles read failover (git-fixes).\n\n - nfs: Fix security label length not being reset (bsc#1176381).\n\n - nfs: nfs_file_write() should check for writeback errors (git-fixes).\n\n - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources (git-fixes).\n\n - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes).\n\n - nvme-multipath: retry commands for dying queues (bsc#1171688).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected (bsc#1174748).\n\n - overflow: Include 
header file with SIZE_MAX declaration (git-fixes).\n\n - p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n\n - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n\n - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes).\n\n - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).\n\n - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes).\n\n - PCI: tegra: Fix runtime PM imbalance on error (git-fixes).\n\n - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)).\n\n - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489).\n\n - perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n\n - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes).\n\n - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes).\n\n - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).\n\n - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification.\n\n - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353).\n\n - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes).\n\n - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).\n\n - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes).\n\n - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes).\n\n - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).\n\n - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).\n\n - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse 
(git-fixes).\n\n - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n\n - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (git-fixes).\n\n - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes).\n\n - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).\n\n - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).\n\n - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).\n\n - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).\n\n - power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n\n - power: supply: max17040: Correct voltage reading (git-fixes).\n\n - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n\n - pwm: img: Fix NULL pointer access in probe (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).\n\n - 
qla2xxx: Return EBUSY on fcport deletion (bsc#1171688).\n\n - qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes).\n\n - r8169: fix data corruption issue on RTL8402 (bsc#1174098).\n\n - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes).\n\n - r8169: fix operation under forced interrupt threading (git-fixes).\n\n - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes).\n\n - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch:\n (bsc#1177090).\n\n - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch:\n (bsc#1177090).\n\n - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#1175621).\n\n - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-co mmands.patch (bsc#1168468, bsc#1171675).\n\n - regulator: axp20x: fix LDO2/4 description (git-fixes).\n\n - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n\n - regulator: resolve supply after creating regulator (git-fixes).\n\n - rename Other drivers / Intel IOMMU subsection to IOMMU\n\n - reset: sti: reset-syscfg: fix struct description warnings (git-fixes).\n\n - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)\n\n - rtc: ds1374: fix possible race condition (git-fixes).\n\n - rtc: rx8010: do not modify the global rtc ops (git-fixes).\n\n - rtc: sa1100: fix possible race condition (git-fixes).\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - rtw88: increse the size of rx buffer size (git-fixes).\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).\n\n - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).\n\n - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance 
backports)).\n\n - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched/numa: Avoid creating large imbalances at task creation time (bnc#1176588).\n\n - sched/numa: Check numa balancing information only when enabled (bnc#1176588).\n\n - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).\n\n - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).\n\n - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743).\n\n - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix MPI reset needed 
message (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003).\n\n - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).\n\n - selftests/timers: Turn off timeout setting (git-fixes).\n\n - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n\n - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes).\n\n - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - serial: uartps: Wait for tx_empty in console setup (git-fixes).\n\n - slimbus: core: check get_addr before removing laddr ida (git-fixes).\n\n - slimbus: core: do not enter to clock pause mode in core (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes).\n\n - soc: fsl: qbman: Fix return value on success (git-fixes).\n\n - spi: dw-pci: free previously allocated IRQs if desc->setup() fails (git-fixes).\n\n - spi: fsl-espi: Only process interrupts for expected events 
(git-fixes).\n\n - spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes).\n\n - spi: spi-s3c64xx: Check return values (git-fixes).\n\n - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes).\n\n - spi: sprd: Release DMA channel also on probe deferral (git-fixes).\n\n - spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support (git-fixes).\n\n - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes).\n\n - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes).\n\n - SUNRPC: Revert 241b1f419f0e ('SUNRPC: Remove xdr_buf_trim()') (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes).\n\n - taprio: Fix allowing too small intervals (networking-stable-20_09_24).\n\n - target-compare-and-write-backend-driver-sense-handli.pat ch: (bsc#1177719).\n\n - target-rbd-add-emulate_legacy_capacity-dev-attribute.pat ch: (bsc#1177109).\n\n - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090).\n\n - target-rbd-conditionally-fix-off-by-one-bug-in-get_b.pat ch: (bsc#1177109).\n\n - target-rbd-detect-stripe_unit-SCSI-block-size-misali.pat ch: (bsc#1177090).\n\n - target-rbd-fix-unmap-discard-block-size-conversion.patch : (bsc#1177271).\n\n - target-rbd-fix-unmap-handling-with-unmap_zeroes_data.pat ch: (bsc#1177271).\n\n - target-rbd-support-COMPARE_AND_WRITE.patch:\n (bsc#1177090).\n\n - thermal: rcar_thermal: Handle probe error gracefully (git-fixes).\n\n - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648).\n\n - tipc: fix memory leak caused by tipc_buf_append() (git-fixes).\n\n - tipc: Fix memory leak in 
tipc_group_create_member() (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).\n\n - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).\n\n - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).\n\n - tracing: Check return value of __create_val_fields() before using its result (git-fixes).\n\n - tracing: Save normal string variables (git-fixes).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).\n\n - uio: free uio id after uio file node is freed (git-fixes).\n\n - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194).\n\n - Update patches.suse/target-add-rbd-backend.patch: ().\n (simplify block to byte calculations and use consistent error paths)\n\n - USB: adutux: fix debugging (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).\n\n - usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes).\n\n - usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes).\n\n - usb: dwc3: pci: Allow 
Elkhart Lake to utilize DSM method for PM functionality (git-fixes).\n\n - usb: dwc3: simple: add support for Hikey 970 (git-fixes).\n\n - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).\n\n - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).\n\n - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).\n\n - usblp: fix race between disconnect() and read() (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n\n - usb: xhci-mtk: Fix typo (git-fixes).\n\n - usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n\n - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n\n - virtio-net: do not disable guest csum when 
disable LRO (git-fixes).\n\n - VMCI: check return value of get_user_pages_fast() for errors (git-fixes).\n\n - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).\n\n - watchdog: Fix memleak in watchdog_cdev_register (git-fixes).\n\n - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes).\n\n - watchdog: Use put_device on error (git-fixes).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).\n\n - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes).\n\n - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).\n\n - X.509: Add CodeSigning extended key usage parsing (bsc#1177353).\n\n - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489).\n\n - x86/ioapic: Unbreak check_timer() (bsc#1152489).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n\n - x86/(mce,mm): Unmap the entire page if the whole page is affected and poisoned (bsc#1177765).\n\n - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743).\n\n - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907).\n\n - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).\n\n - 
xen/events: block rogue events for some time (XSA-332 bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).\n\n - xen/events: do not use chip_data for legacy IRQs (bsc#1065600).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).\n\n - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix high key handling in the rt allocator's query_range function (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n\n - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n\n - xfs: force the log after remapping a synchronous-writes file (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: limit entries returned when counting fsmap records (git-fixes).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n\n - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).\n\n - xprtrdma: fix incorrect header size calculations (git-fixes).\n\n - yam: fix possible memory leak in yam_init_driver (git-fixes).", "cvss3": {}, 
"published": "2020-12-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-16120", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-8694"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2112.NASL", "href": "https://www.tenable.com/plugins/nessus/143398", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2112.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143398);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-16120\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-8694\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-12351: Fixed a type 
confusion while processing\n AMP packets aka 'BleedingTooth' aka 'BadKarma'\n (bsc#1177724).\n\n - CVE-2020-24490: Fixed a heap buffer overflow when\n processing extended advertising report events aka\n 'BleedingTooth' aka 'BadVibes' (bsc#1177726).\n\n - CVE-2020-12352: Fixed an information leak when\n processing certain AMP packets aka 'BleedingTooth' aka\n 'BadChoice' (bsc#1177725).\n\n - CVE-2020-25212: A TOCTOU mismatch in the NFS client code\n in the Linux kernel could be used by local attackers to\n corrupt memory or possibly have unspecified other impact\n because a size check is in fs/nfs/nfs4proc.c instead of\n fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).\n\n - CVE-2020-25645: Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt\n traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read\n the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality (bnc#1177511).\n\n - CVE-2020-25643: Memory corruption and a read overflow are\n caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system availability (bnc#1177206).\n\n - CVE-2020-25641: A zero-length biovec request issued by\n the block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allowed a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. 
The highest threat from this vulnerability is\n to system availability (bnc#1177121).\n\n - CVE-2020-25704: Fixed a memory leak in\n perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-25668: Make FONTX ioctl use the tty pointer\n they were actually passed (bsc#1178123).\n\n - CVE-2020-25656: Extend func_buf_lock to readers\n (bnc#1177766).\n\n - CVE-2020-25285: Fixed a race condition between hugetlb\n sysctl handlers in mm/hugetlb.c in the Linux kernel\n that could be used by local attackers to corrupt memory,\n cause a NULL pointer dereference, or possibly have\n unspecified other impact, aka CID-17743798d812\n (bnc#1176485).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close()\n function (bsc#1177086).\n\n - CVE-2020-8694: Restrict energy meter to root access\n (bsc#1170415).\n\n - CVE-2020-16120: Check permission to open real file in\n overlayfs (bsc#1177470).\n\n - CVE-2020-25705: An ICMP global rate limiting side-channel\n that could lead to e.g. the SADDNS attack was removed\n (bsc#1175721)\n\nThe following non-security bugs were fixed :\n\n - 9p: Fix memory leak in v9fs_mount (git-fixes).\n\n - ACPI: Always build evged in (git-fixes).\n\n - ACPI: button: fix handling lid state changes when input\n device closed (git-fixes).\n\n - ACPI: configfs: Add missing config_item_put() to fix\n refcount leak (git-fixes).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs\n (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is\n disabled (git-fixes).\n\n - ACPI: EC: Reference count query handlers under lock\n (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - act_ife: load meta modules before tcf_idr_check_alloc()\n (networking-stable-20_09_24).\n\n - Add CONFIG_CHECK_CODESIGN_EKU\n\n - airo: Fix read overflows sending packets (git-fixes).\n\n - ALSA: ac97: (cosmetic) align argument names (git-fixes).\n\n - ALSA: aoa: i2sbus: use 
DECLARE_COMPLETION_ONSTACK()\n macro (git-fixes).\n\n - ALSA: asihpi: fix spellint typo in comments (git-fixes).\n\n - ALSA: atmel: ac97: clarify operator precedence\n (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read()\n (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization\n (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro\n (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers\n (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence\n (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment\n (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt\n card->ctl_files_rwlock (git-fixes).\n\n - ALSA: fireworks: use semicolons rather than commas to\n separate statements (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable\n declaration (git-fixes).\n\n - ALSA: hda: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is\n registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already\n registered (git-fixes).\n\n - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close\n (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP\n Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA\n with ALC887 (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420\n (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be\n detected (git-fixes).\n\n - ALSA: hda/realtek - set mic to auto detect on a HP AIO\n machine (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does\n not work (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate\n statements (git-fixes).\n\n - ALSA: hdspm: Fix typo arbitary (git-fixes).\n\n - ALSA: mixart: Correct comment 
wrt obsoleted tasklet\n usage (git-fixes).\n\n - ALSA: portman2x4: fix repeated word 'if' (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl\n (git-fixes).\n\n - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ\n DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there'\n (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' ->\n 'Frequency' (git-fixes).\n\n - ALSA: usb-audio: Line6 Pod Go interface requires static\n clock rate quirk (git-fixes).\n\n - ALSA: usb: scarless_gen2: fix endianness issue\n (git-fixes).\n\n - ALSA: vx: vx_core: clarify operator precedence\n (git-fixes).\n\n - ALSA: vx: vx_pcm: remove redundant assignment\n (git-fixes).\n\n - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter\n (git-fixes).\n\n - arm64: Enable PCI write-combine resources under sysfs\n (bsc#1175807).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly\n (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: fsl: imx-es8328: add missing put_device() call in\n imx_es8328_probe() (git-fixes).\n\n - ASoC: fsl_sai: Instantiate snd_soc_dai_driver\n (git-fixes).\n\n - ASoC: img-i2s-out: Fix runtime PM imbalance on error\n (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN\n Converter9 2-in-1 (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup\n function (git-fixes).\n\n - ASoC: kirkwood: fix IRQ error handling (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue\n 
(git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly\n (git-fixes).\n\n - ASoC: sun50i-codec-analog: Fix duplicate use of ADC\n enable bits (git-fixes).\n\n - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation\n (git-fixes).\n\n - ASoC: wm8994: Ensure the device is resumed in\n wm89xx_mic_detect functions (git-fixes).\n\n - ASoC: wm8994: Skip setting of the WM8994_MICBIAS\n register for WM1811 (git-fixes).\n\n - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720\n (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: fix array out-of-bounds access (git-fixes).\n\n - ath10k: fix memory leak for tpc_stats_final (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()'\n call in an error handling path (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: provide survey info as accumulated data\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - ath10k: use kzalloc to read for\n ath10k_sdio_hif_diag_read (git-fixes).\n\n - ath6kl: prevent potential array overflow in\n ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in\n ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in\n ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb()\n and usb_kill_anchored_urbs() (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on\n error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and\n checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized\n (bsc#1177749).\n\n - block: Fix page_is_mergeable() for compound 
pages\n (bsc#1177814).\n\n - block: Set same_page to false in __bio_try_merge_page if\n ret is false (git-fixes).\n\n - Bluetooth: btusb: Fix memleak in\n btusb_mtk_submit_wmt_recv_urb (git-fixes).\n\n - Bluetooth: Fix refcount use-after-free issue\n (git-fixes).\n\n - Bluetooth: guard against controllers sending zero'd\n events (git-fixes).\n\n - Bluetooth: Handle Inquiry Cancel error after Inquiry\n Complete (git-fixes).\n\n - Bluetooth: hci_uart: Cancel init work before\n unregistering (git-fixes).\n\n - Bluetooth: L2CAP: handle l2cap config request during\n open state (git-fixes).\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled\n (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking\n (git-fixes).\n\n - Bluetooth: prefetch channel before killing sock\n (git-fixes).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (git-fixes).\n\n - bonding: show saner speed for broadcast mode\n (networking-stable-20_08_24).\n\n - brcm80211: fix possible memleak in\n brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmfmac: Fix double freeing in the fmac usb data path\n (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy\n (git-fixes).\n\n - btrfs: Account for merged patches upstream Move below\n patches to sorted section.\n\n - btrfs: add owner and fs_info to alloc_state io_tree\n (bsc#1177854).\n\n - btrfs: allocate scrub workqueues outside of locks\n (bsc#1178183).\n\n - btrfs: block-group: do not set the wrong READA flag for\n btrfs_read_block_groups() (bsc#1176019).\n\n - btrfs: block-group: fix free-space bitmap threshold\n (bsc#1176019).\n\n - btrfs: block-group: refactor how we delete one block\n group item (bsc#1176019).\n\n - btrfs: block-group: refactor how we insert a block group\n item (bsc#1176019).\n\n - btrfs: block-group: refactor how we read one block group\n item (bsc#1176019).\n\n - btrfs: block-group: rename write_one_cache_group()\n 
(bsc#1176019).\n\n - btrfs: check the right error variable in\n btrfs_del_dir_entries_in_log (bsc#1177687).\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: do not force read-only after error in drop\n snapshot (bsc#1176354).\n\n - btrfs: do not set the full sync flag on the inode during\n page release (bsc#1177687).\n\n - btrfs: do not take an extra root ref at allocation time\n (bsc#1176019).\n\n - btrfs: drop logs when we've aborted a transaction\n (bsc#1176019).\n\n - btrfs: drop path before adding new uuid tree entry\n (bsc#1178176).\n\n - btrfs: fix a race between scrub and block group\n removal/allocation (bsc#1176019).\n\n - Btrfs: fix crash during unmount due to race with delayed\n inode workers (bsc#1176019).\n\n - btrfs: fix filesystem corruption after a device replace\n (bsc#1178395).\n\n - btrfs: fix NULL pointer dereference after failure to\n create snapshot (bsc#1178190).\n\n - btrfs: fix overflow when copying corrupt csums for a\n message (bsc#1178191).\n\n - btrfs: fix race between page release and a fast fsync\n (bsc#1177687).\n\n - btrfs: fix space cache memory leak after transaction\n abort (bsc#1178173).\n\n - btrfs: free block groups after free'ing fs trees\n (bsc#1176019).\n\n - btrfs: hold a ref on the root on the dead roots list\n (bsc#1176019).\n\n - btrfs: kill the subvol_srcu (bsc#1176019).\n\n - btrfs: make btrfs_cleanup_fs_roots use the radix tree\n lock (bsc#1176019).\n\n - btrfs: make inodes hold a ref on their roots\n (bsc#1176019).\n\n - btrfs: make the extent buffer leak check per fs info\n (bsc#1176019).\n\n - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of\n all locks (bsc#1178395).\n\n - btrfs: move btrfs_scratch_superblocks into\n btrfs_dev_replace_finishing (bsc#1178395).\n\n - btrfs: move ino_cache_inode dropping out of\n btrfs_free_fs_root (bsc#1176019).\n\n - btrfs: move the block group freeze/unfreeze helpers into\n block-group.c (bsc#1176019).\n\n - btrfs: move the root freeing stuff into 
btrfs_put_root\n (bsc#1176019).\n\n - btrfs: only commit delayed items at fsync if we are\n logging a directory (bsc#1177687).\n\n - btrfs: only commit the delayed inode when doing a full\n fsync (bsc#1177687).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume\n operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for\n delayed inode (bsc#1177855).\n\n - btrfs: reduce contention on log trees when logging\n checksums (bsc#1177687).\n\n - btrfs: release old extent maps during page release\n (bsc#1177687).\n\n - btrfs: remove no longer necessary chunk mutex locking\n cases (bsc#1176019).\n\n - btrfs: remove no longer needed use of log_writers for\n the log root tree (bsc#1177687).\n\n - btrfs: rename member 'trimming' of block group to a more\n generic name (bsc#1176019).\n\n - btrfs: reschedule if necessary when logging directory\n items (bsc#1178585).\n\n - btrfs: scrub, only lookup for csums if we are dealing\n with a data extent (bsc#1176019).\n\n - btrfs: send, orphanize first all conflicting inodes when\n processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after\n orphanization of a directory (bsc#1178581).\n\n - btrfs: set the correct lockdep class for new nodes\n (bsc#1178184).\n\n - btrfs: set the lockdep class for log tree extent buffers\n (bsc#1178186).\n\n - btrfs: stop incremening log_batch for the log root tree\n when syncing log (bsc#1177687).\n\n - btrfs: tree-checker: fix false alert caused by legacy\n btrfs root item (bsc#1177861).\n\n - bus: hisi_lpc: Fixup IO ports addresses to avoid\n use-after-free in host removal (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused\n (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ 
context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling\n and propagate error value (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup\n completely (git-fixes).\n\n - can: flexcan: remove ack_grp and ack_bit handling from\n driver (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk\n for LS1021A (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around\n empty body in an 'if' statement (git-fixes).\n\n - ceph: promote to unsigned long long before shifting\n (bsc#1178175).\n\n - clk: at91: clk-main: update key before writing\n AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name\n (git-fixes).\n\n - clk: bcm2835: add missing release if\n devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: keystone: sci-clk: fix parsing assigned-clock data\n during probe (git-fixes).\n\n - clk: meson: g12a: mark fclk_div2 as critical\n (git-fixes).\n\n - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).\n\n - clk: samsung: exynos4: mark 'chipid' clock as\n CLK_IGNORE_UNUSED (git-fixes).\n\n - clk: socfpga: stratix10: fix the divider for the\n emac_ptp_free_clk (git-fixes).\n\n - clk: tegra: Always program PLL_E when enabled\n (git-fixes).\n\n - clk/ti/adpll: allocate room for terminating null\n (git-fixes).\n\n - clocksource/drivers/h8300_timer8: Fix wrong return value\n in h8300_8timer_init() (git-fixes).\n\n - clocksource/drivers/timer-gx6605s: Fixup counter reload\n (git-fixes).\n\n - cpuidle: Poll for a minimum of 30ns and poll for a tick\n if lower c-states are disabled 
(bnc#1176588).\n\n - create Storage / NVMe subsection\n\n - crypto: algif_aead - Do not set MAY_BACKLOG on the async\n path (git-fixes).\n\n - crypto: algif_skcipher - EBUSY on aio should be an error\n (git-fixes).\n\n - crypto: bcm - Verify GCM/CCM key length in setkey\n (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - crypto: dh - check validity of Z before export\n (bsc#1175718).\n\n - crypto: dh - SP800-56A rev 3 local public key validation\n (bsc#1175718).\n\n - crypto: ecc - SP800-56A rev 3 local public key\n validation (bsc#1175718).\n\n - crypto: ecdh - check validity of Z before export\n (bsc#1175718).\n\n - crypto: ixp4xx - Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - crypto: mediatek - Fix wrong return value in\n mtk_desc_ring_alloc() (git-fixes).\n\n - crypto: omap-sham - fix digcnt register handling with\n export/import (git-fixes).\n\n - crypto: picoxcell - Fix potential race condition bug\n (git-fixes).\n\n - crypto: qat - check cipher length for aead\n AES-CBC-HMAC-SHA (git-fixes).\n\n - cxgb4: fix memory leak during module unload\n (networking-stable-20_09_24).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (networking-stable-20_09_24).\n\n - cxl: Rework error message for incompatible slots\n (bsc#1055014 git-fixes).\n\n - cypto: mediatek - fix leaks in mtk_desc_ring_alloc\n (git-fixes).\n\n - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX\n (bsc#1177817).\n\n - Disable module compression on SLE15 SP2 (bsc#1178307)\n\n - dma-direct: add missing set_memory_decrypted() for\n coherent mapping (bsc#1175898, ECO-2743).\n\n - dma-direct: always align allocation size in\n dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n\n - dma-direct: atomic allocations must come from atomic\n coherent pools (bsc#1175898, ECO-2743).\n\n - dma-direct: check return value when encrypting or\n decrypting memory (bsc#1175898, ECO-2743).\n\n - dma-direct: consolidate the error handling in\n 
dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dma-direct: make uncached_kernel_address more general\n (bsc#1175898, ECO-2743).\n\n - dma-direct: provide function to check physical memory\n area validity (bsc#1175898, ECO-2743).\n\n - dma-direct: provide mmap and get_sgtable method\n overrides (bsc#1175898, ECO-2743).\n\n - dma-direct: re-encrypt memory if\n dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).\n\n - dma-direct: remove __dma_direct_free_pages (bsc#1175898,\n ECO-2743).\n\n - dma-direct: remove the dma_handle argument to\n __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status\n (git-fixes).\n\n - dmaengine: dmatest: Check list for emptiness before\n access its last entry (git-fixes).\n\n - dmaengine: dw: Activate FIFO-mode for memory peripherals\n only (git-fixes).\n\n - dmaengine: mediatek: hsdma_probe: fixed a memory leak\n when devm_request_irq fails (git-fixes).\n\n - dmaengine: stm32-dma: use vchan_terminate_vdesc() in\n .terminate_all (git-fixes).\n\n - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in\n .terminate_all (git-fixes).\n\n - dmaengine: tegra-apb: Prevent race conditions on\n channel's freeing (git-fixes).\n\n - dmaengine: zynqmp_dma: fix burst length configuration\n (git-fixes).\n\n - dma-fence: Serialise signal enabling\n (dma_fence_enable_sw_signaling) (git-fixes).\n\n - dma-mapping: add a dma_can_mmap helper (bsc#1175898,\n ECO-2743).\n\n - dma-mapping: always use VM_DMA_COHERENT for generic DMA\n remap (bsc#1175898, ECO-2743).\n\n - dma-mapping: DMA_COHERENT_POOL should select\n GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).\n\n - dma-mapping: make dma_atomic_pool_init self-contained\n (bsc#1175898, ECO-2743).\n\n - dma-mapping: merge the generic remapping helpers into\n dma-direct (bsc#1175898, ECO-2743).\n\n - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898,\n ECO-2743).\n\n - dma-mapping: warn when coherent pool is depleted\n (bsc#1175898, 
ECO-2743).\n\n - dma-pool: add additional coherent pools to map to gfp\n mask (bsc#1175898, ECO-2743).\n\n - dma-pool: add pool sizes to debugfs (bsc#1175898,\n ECO-2743).\n\n - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL\n (bsc#1175898, ECO-2743).\n\n - dma-pool: do not allocate pool memory from CMA\n (bsc#1175898, ECO-2743).\n\n - dma-pool: dynamically expanding atomic pools\n (bsc#1175898, ECO-2743).\n\n - dma-pool: Fix an uninitialized variable bug in\n atomic_pool_expand() (bsc#1175898, ECO-2743).\n\n - dma-pool: fix coherent pool allocations for IOMMU\n mappings (bsc#1175898, ECO-2743).\n\n - dma-pool: fix too large DMA pools on medium memory size\n systems (bsc#1175898, ECO-2743).\n\n - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898,\n ECO-2743).\n\n - dma-pool: introduce dma_guess_pool() (bsc#1175898,\n ECO-2743).\n\n - dma-pool: make sure atomic pool suits device\n (bsc#1175898, ECO-2743).\n\n - dma-pool: Only allocate from CMA when in same memory\n zone (bsc#1175898, ECO-2743).\n\n - dma-pool: scale the default DMA coherent pool size with\n memory capacity (bsc#1175898, ECO-2743).\n\n - dma-remap: separate DMA atomic pools from direct remap\n code (bsc#1175898, ECO-2743).\n\n - dm: Call proper helper to determine dax support\n (bsc#1177817).\n\n - dm/dax: Fix table reference counts (bsc#1178246).\n\n - docs: driver-api: remove a duplicated index entry\n (git-fixes).\n\n - drivers: char: tlclk.c: Avoid data race between init and\n interrupt handler (git-fixes).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs\n (git-fixes).\n\n - drm/amdgpu: restore proper ref count in\n amdgpu_display_crtc_set_config (git-fixes).\n\n - drm/radeon: revert 'Prefer lower feedback dividers'\n (bsc#1177384).\n\n - drop Storage / bsc#1171688 subsection No effect on\n expanded tree.\n\n - e1000: Do not perform reset in reset_task if we are\n already down (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one()\n (bsc#1152489).\n\n 
- eeprom: at25: set minimum read/write access stride to 1\n (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems\n (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector()\n (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find()\n (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path\n (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in\n exfat_find_dir_entry() (git-fixes).\n\n - exfat: fix wrong size update of stream entry by typo\n (git-fixes).\n\n - extcon: ptn5150: Fix usage of atomic GPIO with sleeping\n GPIO chips (git-fixes).\n\n - ftrace: Move RCU is watching check after recursion check\n (git-fixes).\n\n - fuse: do not ignore errors from fuse_writepages_fill()\n (bsc#1177193).\n\n - futex: Adjust absolute futex timeouts with per time\n namespace offset (bsc#1164648).\n\n - futex: Consistently use fshared as boolean\n (bsc#1149032).\n\n - futex: Fix incorrect should_fail_futex() handling\n (bsc#1149032).\n\n - futex: Remove put_futex_key() (bsc#1149032).\n\n - futex: Remove unused or redundant includes\n (bsc#1149032).\n\n - gpio: mockup: fix resource leak in error path\n (git-fixes).\n\n - gpio: rcar: Fix runtime PM imbalance on error\n (git-fixes).\n\n - gpio: siox: explicitly support only threaded irqs\n (git-fixes).\n\n - gpio: sprd: Clear interrupt when setting the type as\n edge (git-fixes).\n\n - gpio: tc35894: fix up tc35894 interrupt configuration\n (git-fixes).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY\n (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace\n (networking-stable-20_09_11).\n\n - HID: hid-input: fix stylus battery reporting\n (git-fixes).\n\n - HID: ite: Add USB id match for Acer One S1003 keyboard\n dock (git-fixes).\n\n - HID: roccat: add bounds checking in\n kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad\n / battery (git-fixes).\n\n - hwmon: 
(applesmc) check status earlier (git-fixes).\n\n - hwmon: (mlxreg-fan) Fix double 'Mellanox' (git-fixes).\n\n - hwmon: (pmbus/max34440) Fix status register reads for\n MAX344(51,60,61) (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old\n framebuffer (bsc#1175306).\n\n - i2c: aspeed: Mask IRQ status to relevant bits\n (git-fixes).\n\n - i2c: core: Call i2c_acpi_install_space_handler() before\n i2c_acpi_register_devices() (git-fixes).\n\n - i2c: core: Restore acpi_walk_dep_device_list() getting\n called after registering the ACPI i2c devs (git-fixes).\n\n - i2c: cpm: Fix i2c_ram structure (git-fixes).\n\n - i2c: i801: Exclude device from suspend direct complete\n optimization (git-fixes).\n\n - i2c: imx: Fix external abort on interrupt in exit paths\n (git-fixes).\n\n - i2c: meson: fix clock setting overwrite (git-fixes).\n\n - i2c: meson: fixup rate calculation with filter delay\n (git-fixes).\n\n - i2c: owl: Clear NACK and BUS error bits (git-fixes).\n\n - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n\n - i2c: tegra: Prevent interrupt triggering after transfer\n timeout (git-fixes).\n\n - i2c: tegra: Restore pinmux on system resume (git-fixes).\n\n - i3c: master add i3c_master_attach_boardinfo to preserve\n boardinfo (git-fixes).\n\n - i3c: master: Fix error return in cdns_i3c_master_probe()\n (git-fixes).\n\n - ibmveth: Identify ingress large send packets\n (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls\n (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943\n git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr\n (bsc#1134760 ltc#177449 git-fixes).\n\n - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - ida: Free allocated bitmap in error path (git-fixes).\n\n - ieee802154/adf7242: check status of adf7242_read_reg\n (git-fixes).\n\n - ieee802154: fix one possible memleak in\n 
ca8210_dev_com_init (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be\n iio_shared_by enum (git-fixes).\n\n - iio: adc: gyroadc: fix leak of device node iterator\n (git-fixes).\n\n - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes).\n\n - iio: adc: stm32-adc: fix runtime autosuspend delay when\n slow polling (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE\n (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by\n enum required (git-fixes).\n\n - ima: Do not ignore errors from crypto_shash_update()\n (git-fixes).\n\n - ima: extend boot_aggregate with kernel measurements\n (bsc#1177617).\n\n - ima: Remove semicolon at the end of\n ima_get_binary_runtime_size() (git-fixes).\n\n - Input: ati_remote2 - add missing newlines when printing\n module parameters (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515\n (bsc#954532).\n\n - Input: imx6ul_tsc - clean up some errors in\n imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: stmfts - fix a & vs && typo (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: trackpoint - enable Synaptics trackpoints\n (git-fixes).\n\n - Input: twl4030_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - iomap: Make sure iomap_end is called after iomap_begin\n (bsc#1177754).\n\n - iommu/amd: Fix IOMMU AVIC not properly update the is_run\n bit in IRTE (bsc#1177297).\n\n - iommu/amd: Fix potential @entry null 
deref\n (bsc#1177283).\n\n - iommu/amd: Re-factor guest virtual APIC (de-)activation\n code (bsc#1177284).\n\n - iommu/amd: Restore IRTE.RemapEn bit for\n amd_iommu_activate_guest_mode (bsc#1177285).\n\n - iommu/exynos: add missing put_device() call in\n exynos_iommu_of_xlate() (bsc#1177286).\n\n - iommu/vt-d: Correctly calculate agaw in domain_init()\n (bsc#1176400).\n\n - iommu/vt-d: Gracefully handle DMAR units with no\n supported address widths (bsc#1177739).\n\n - ip: fix tos reflection in ack and reset packets\n (networking-stable-20_09_24).\n\n - ipmi_si: Fix wrong return value in try_smi_init()\n (git-fixes).\n\n - ipv4: Initialize flowi4_multipath_hash in data path\n (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to\n xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via\n same device (networking-stable-20_09_24).\n\n - ipv6: avoid lockdep issue in fib6_del()\n (networking-stable-20_09_24).\n\n - ipv6: Fix sysctl max for fib_multipath_hash_policy\n (networking-stable-20_09_11).\n\n - ipvlan: fix device features\n (networking-stable-20_08_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC\n (git-fixes).\n\n - kabi fix for NFS: Fix flexfiles read failover\n (git-fixes).\n\n - kABI: Fix kABI after add CodeSigning extended key usage\n (bsc#1177353).\n\n - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not\n implementing PCI_COMMAND_MEMORY (bsc#1176979).\n\n - kabi/severities: ignore kABI for target_core_rbd Match\n behaviour for all other Ceph specific modules.\n\n - kallsyms: Refactor kallsyms_show_value() to take cred\n (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - kernel-binary.spec.in: Exclude .config.old from\n kernel-devel - use tar excludes for\n .kernel-binary.spec.buildenv\n\n - kernel-binary.spec.in: Package the obj_install_dir as\n explicit filelist.\n\n - KVM: x86/mmu: Commit zap of remaining invalid pages when\n recovering 
lpages (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - leds: mlxreg: Fix possible buffer overflow (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n -\n libceph-add-support-for-CMPEXT-compare-extent-reques.pat\n ch: (bsc#1177090).\n\n - libceph: clear con->out_msg on Policy::stateful_server\n faults (bsc#1178177).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition\n (git-fixes).\n\n - lib/mpi: Add mpi_sub_ui() (bsc#1175718).\n\n - locking/rwsem: Disable reader optimistic spinning\n (bnc#1176588).\n\n - mac80211: do not allow bigger VHT MPDUs than the\n hardware supports (git-fixes).\n\n - mac80211: handle lack of sband->bitrates in rates\n (git-fixes).\n\n - mac80211: skip mpath lookup also for control port tx\n (git-fixes).\n\n - mac802154: tx: fix use-after-free (git-fixes).\n\n - macsec: avoid use-after-free in macsec_handle_frame()\n (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints\n (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error\n (git-fixes).\n\n - media: camss: Fix a reference count leak (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to\n pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak\n (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due\n to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: i2c: ov5640: Enable data pins on poweron for DVP\n mode (git-fixes).\n\n - media: i2c: ov5640: Remain in power down for DVP mode\n unless streaming (git-fixes).\n\n - media: i2c: ov5640: Separate out mipi configuration from\n s_power (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: m5mols: Check function pointer in\n m5mols_sensor_power (git-fixes).\n\n - media: mc-device.c: fix memleak in\n media_device_register_entity 
(git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe\n (git-fixes).\n\n - media: mx2_emmaprp: Fix memleak in emmaprp_probe\n (git-fixes).\n\n - media: omap3isp: Fix memleak in isp_probe (git-fixes).\n\n - media: ov5640: Correct Bit Div register in clock tree\n diagram (git-fixes).\n\n - media: platform: fcp: Fix a reference count leak\n (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: rcar-csi2: Allocate v4l2_async_subdev dynamically\n (git-fixes).\n\n - media: rcar_drif: Allocate v4l2_async_subdev dynamically\n (git-fixes).\n\n - media: rcar_drif: Fix fwnode reference leak when parsing\n DT (git-fixes).\n\n - media: rcar-vin: Fix a reference count leak (git-fixes).\n\n - media: rc: do not access device via sysfs after\n rc_unregister_device() (git-fixes).\n\n - media: rc: uevent sysfs file races with\n rc_unregister_device() (git-fixes).\n\n - media: Revert 'media: exynos4-is: Add missed check for\n pinctrl_lookup_state()' (git-fixes).\n\n - media: rockchip/rga: Fix a reference count leak\n (git-fixes).\n\n - media: s5p-mfc: Fix a reference count leak (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: smiapp: Fix error handling at NVM reading\n (git-fixes).\n\n - media: staging/intel-ipu3: css: Correctly reset some\n memory (git-fixes).\n\n - media: st-delta: Fix reference count leak in\n delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: stm32-dcmi: Fix a reference count leak\n (git-fixes).\n\n - media: tc358743: cleanup tc358743_cec_isr (git-fixes).\n\n - media: tc358743: initialize variable (git-fixes).\n\n - media: ti-vpe: cal: Restrict DMA to avoid memory\n corruption (git-fixes).\n\n - media: ti-vpe: Fix a missing check and reference count\n 
leak (git-fixes).\n\n - media: tuner-simple: fix regression in\n simple_set_radio_freq (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: usbtv: Fix refcounting mixup (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to\n v4l2 (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list\n iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having\n any effect (git-fixes).\n\n - media: uvcvideo: Set media controller entity functions\n (git-fixes).\n\n - media: uvcvideo: Silence shift-out-of-bounds warning\n (git-fixes).\n\n - media: v4l2-async: Document asd allocation requirements\n (git-fixes).\n\n - media: venus: core: Fix runtime PM imbalance in\n venus_probe (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error\n (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of\n platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - memory: omap-gpmc: Fix build error without CONFIG_OF\n (git-fixes).\n\n - mfd: mfd-core: Protect against NULL call-back function\n pointer (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io\n memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe\n (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid\n kernel panic (git-fixes).\n\n - mm: call cond_resched() from deferred_init_memmap() (git\n fixes (mm/init), bsc#1177697).\n\n - mmc: core: do not set limits.discard_granularity as 0\n (git-fixes).\n\n - mmc: core: Rework wp-gpio handling (git-fixes).\n\n - mm, compaction: fully assume capture is not NULL in\n compact_zone_order() (git fixes (mm/compaction),\n bsc#1177681).\n\n - mm, compaction: make capture control handling safe wrt\n interrupts (git fixes (mm/compaction), bsc#1177681).\n\n - mmc: 
sdhci-acpi: AMDI0040: Set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mmc: sdhci: Add LTR support for some Intel BYT based\n controllers (git-fixes).\n\n - mmc: sdhci: Workaround broken command queuing on Intel\n GLK based IRBIS models (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size\n (git-fixes).\n\n - mm/debug.c: always print flags in dump_page() (git fixes\n (mm/debug)).\n\n - mm: do not panic when links can't be created in sysfs\n (bsc#1178002).\n\n - mm: do not rely on system state to detect hot-plug\n operations (bsc#1178002).\n\n - mm: fix a race during THP splitting (bsc#1178255).\n\n - mm/huge_memory.c: use head to check huge zero page\n (git-fixes (mm/thp)).\n\n - mm: initialize deferred pages with interrupts enabled\n (git fixes (mm/init), bsc#1177697).\n\n - mm: madvise: fix vma user-after-free (git-fixes).\n\n - mm/memcontrol.c: lost css_put in\n memcg_expand_shrinker_maps() (bsc#1177694).\n\n - mm/mempolicy.c: fix out of bounds write in\n mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/migrate.c: also overwrite error when it is bigger\n than zero (git fixes (mm/move_pages), bsc#1177683).\n\n - mm: move_pages: report the number of non-attempted pages\n (git fixes (mm/move_pages), bsc#1177683).\n\n - mm: move_pages: return valid node id in status if the\n page is already on the target node (git fixes\n (mm/move_pages), bsc#1177683).\n\n - mm/pagealloc.c: call touch_nmi_watchdog() on max order\n boundaries in deferred init (git fixes (mm/init),\n bsc#1177697).\n\n - mm/page-writeback.c: avoid potential division by zero in\n wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions\n (git-fixes (mm/writeback)).\n\n - mm: replace memmap_context by meminit_context\n (bsc#1178002).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes\n (git-fixes (mm/rmap)).\n\n - mm, slab/slub: improve error reporting and overhead of\n cache_from_obj() (mm/slub bsc#1165692).\n\n - mm, 
slab/slub: move and improve cache_from_obj()\n (mm/slub bsc#1165692).\n\n - mm, slub: extend checks guarded by slub_debug static key\n (mm/slub bsc#1165692).\n\n - mm, slub: extend slub_debug syntax for multiple blocks\n (mm/slub bsc#1165692).\n\n - mm, slub: introduce kmem_cache_debug_flags() (mm/slub\n bsc#1165692).\n\n - mm, slub: introduce static key for slub_debug() (mm/slub\n bsc#1165692).\n\n - mm, slub: make reclaim_account attribute read-only\n (mm/slub bsc#1165692).\n\n - mm, slub: make remaining slub_debug related attributes\n read-only (mm/slub bsc#1165692).\n\n - mm, slub: make some slub_debug related attributes\n read-only (mm/slub bsc#1165692).\n\n - mm, slub: remove runtime allocation order changes\n (mm/slub bsc#1165692).\n\n - mm, slub: restore initial kmem_cache flags (mm/slub\n bsc#1165692).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon\n (git-fixes).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics\n (git-fixes (mm/zsmalloc)).\n\n - module: Correctly truncate sysfs sections output\n (git-fixes).\n\n - module: Do not expose section addresses to\n non-CAP_SYSLOG (git-fixes).\n\n - module: Refactor section attr into bin attribute\n (git-fixes).\n\n - module: statically initialize init section freeing data\n (git-fixes).\n\n - Move upstreamed BT patch into sorted section\n\n - Move upstreamed intel-vbtn patch into sorted section\n\n - mt76: add missing locking around ampdu action\n (git-fixes).\n\n - mt76: clear skb pointers from rx aggregation reorder\n buffer during cleanup (git-fixes).\n\n - mt76: do not use devm API for led classdev (git-fixes).\n\n - mt76: fix handling full tx queues in\n mt76_dma_tx_queue_skb_raw (git-fixes).\n\n - mt76: fix LED link time failure (git-fixes).\n\n - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error\n path of cfi_amdstd_setup() (git-fixes).\n\n - mtd: lpddr: Fix bad logic in print_drs_error\n (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang\n (git-fixes).\n\n - mtd: 
mtdoops: Do not write panic data twice (git-fixes).\n\n - mtd: rawnand: gpmi: Fix runtime PM imbalance on error\n (git-fixes).\n\n - mtd: rawnand: omap_elm: Fix runtime PM imbalance on\n error (git-fixes).\n\n - mtd: rawnand: stm32_fmc2: fix a buffer overflow\n (git-fixes).\n\n - mtd: rawnand: vf610: disable clk on error handling path\n in probe (git-fixes).\n\n - mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n\n - mtd: spinand: gigadevice: Only one dummy byte in QUADIO\n (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized\n timer (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context\n (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - mwifiex: Remove unnecessary braces from\n HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - net: bridge: br_vlan_get_pvid_rcu() should dereference\n the VLAN group under RCU (networking-stable-20_09_24).\n\n - net/core: check length before updating Ethertype in\n skb_mpls_(push,pop) (git-fixes).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (networking-stable-20_09_24).\n\n - net: disable netpoll on fresh napis\n (networking-stable-20_09_11).\n\n - net: dsa: b53: check for timeout\n (networking-stable-20_08_24).\n\n - net: dsa: rtl8366: Properly clear member config\n (networking-stable-20_09_24).\n\n - net: fec: correct the error path for regulator disable\n in probe (networking-stable-20_08_24).\n\n - net: Fix bridge enslavement failure\n (networking-stable-20_09_24).\n\n - net: Fix potential wrong skb->protocol in\n skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: hns: Fix memleak in hns_nic_dev_probe\n (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for\n IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - netlabel: fix problems with mapping removal\n (networking-stable-20_09_11).\n\n - net: lantiq: Disable IRQs only if NAPI gets scheduled\n (networking-stable-20_09_24).\n\n - 
net: lantiq: Use napi_complete_done()\n (networking-stable-20_09_24).\n\n - net: lantiq: use netif_tx_napi_add() for TX NAPI\n (networking-stable-20_09_24).\n\n - net: lantiq: Wake TX queue again\n (networking-stable-20_09_24).\n\n - net/mlx5e: Enable adding peer miss rules only if merged\n eswitch is supported (networking-stable-20_09_24).\n\n - net/mlx5e: TLS, Do not expose FPGA TLS counter if not\n supported (networking-stable-20_09_24).\n\n - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n\n - net: mscc: ocelot: fix race condition with TX\n timestamping (bsc#1178461).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is\n unbound (networking-stable-20_09_24).\n\n - net: phy: Do not warn in phy_stop() on PHY_DOWN\n (networking-stable-20_09_24).\n\n - net: phy: realtek: fix rtl8211e rx/tx delay config\n (git-fixes).\n\n - net: qrtr: fix usage of idr in port assignment to socket\n (networking-stable-20_08_24).\n\n - net/sched: act_ct: Fix skb double-free in\n tcf_ct_handle_fragments() error flow\n (networking-stable-20_08_24).\n\n - net: sctp: Fix IPv6 ancestor_size calc in\n sctp_copy_descendant (networking-stable-20_09_24).\n\n - net: sctp: Fix negotiation of the number of data streams\n (networking-stable-20_08_24).\n\n - net/smc: Prevent kernel-infoleak in __smc_diag_dump()\n (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe\n (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL\n (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card\n (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when\n set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in\n nl80211_del_key() (git-fixes).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute\n in nfc_genl_fw_download() (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (networking-stable-20_09_24).\n\n - nfsd4: fix NULL dereference in 
nfsd/clients display code\n (git-fixes).\n\n - NFS: Do not move layouts to plh_return_segs list while\n in use (git-fixes).\n\n - NFS: Do not return layout segments that are in use\n (git-fixes).\n\n - nfs: ensure correct writeback errors are returned on\n close() (git-fixes).\n\n - NFS: Fix flexfiles read failover (git-fixes).\n\n - nfs: Fix security label length not being reset\n (bsc#1176381).\n\n - nfs: nfs_file_write() should check for writeback errors\n (git-fixes).\n\n - NFSv4.2: fix client's attribute cache management for\n copy_file_range (git-fixes).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources\n (git-fixes).\n\n - ntb: intel: Fix memleak in intel_ntb_pci_probe\n (git-fixes).\n\n - nvme-multipath: retry commands for dying queues\n (bsc#1171688).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected\n (bsc#1174748).\n\n - overflow: Include header file with SIZE_MAX declaration\n (git-fixes).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - PCI: aardvark: Check for errors from\n pci_bridge_emul_init() call (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power\n managed by ACPI (git-fixes).\n\n - PCI: Avoid double hpmemsize MMIO window assignment\n (git-fixes).\n\n - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY\n (bsc#1176979).\n\n - PCI: tegra194: Fix runtime PM imbalance on error\n (git-fixes).\n\n - PCI: tegra: Fix runtime PM imbalance on error\n (git-fixes).\n\n - percpu: fix first chunk size calculation for populated\n bitmap (git-fixes (mm/percpu)).\n\n - perf/x86/amd: Fix sampling Large Increment per Cycle\n events (bsc#1152489).\n\n - perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n\n - phy: ti: am654: Fix a leak in serdes_am654_probe()\n (git-fixes).\n\n - pinctrl: bcm: fix kconfig dependency warning when\n !GPIOLIB (git-fixes).\n\n - pinctrl: mcp23s08: 
Fix mcp23x17 precious range\n (git-fixes).\n\n - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser\n (git-fixes).\n\n - pinctrl: mvebu: Fix i2c sda definition for 98DX3236\n (git-fixes).\n\n - PKCS#7: Check codeSigning EKU for kernel module and\n kexec pe verification.\n\n - PKCS#7: Check codeSigning EKU for kernel module and\n kexec pe verification (bsc#1177353).\n\n - Platform: OLPC: Fix memleak in olpc_ec_probe\n (git-fixes).\n\n - platform/x86: fix kconfig dependency warning for\n FUJITSU_LAPTOP (git-fixes).\n\n - platform/x86: fix kconfig dependency warning for\n LG_LAPTOP (git-fixes).\n\n - platform/x86: intel_pmc_core: do not create a static\n struct device (git-fixes).\n\n - platform/x86: intel-vbtn: Switch to an allow-list for\n SW_TABLET_MODE reporting (bsc#1175599).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM\n configuration (git-fixes).\n\n - platform/x86: thinkpad_acpi: initialize tp_nvram_state\n variable (git-fixes).\n\n - platform/x86: thinkpad_acpi: re-initialize ACPI buffer\n size when reuse (git-fixes).\n\n - PM: hibernate: Batch hibernate and resume IO requests\n (bsc#1178079).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on\n link removal (git-fixes).\n\n - pNFS/flexfiles: Ensure we initialise the mirror bsizes\n correctly on read (git-fixes).\n\n - powerpc/book3s64/radix: Make radix_mem_block_size 64bit\n (bsc#1055186 ltc#153436 git-fixes).\n\n - powerpc/dma: Fix dma_map_ops::get_required_mask\n (bsc#1065729).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1\n VSX CI load emulation (bsc#1065729).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration\n (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success\n path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct\n irqaction (bsc#1065729).\n\n - powerpc/papr_scm: Fix warning triggered by\n perf_stats_show() (bsc#1175052 
jsc#SLE-13823 bsc#1174969\n jsc#SLE-12769 git-fixes).\n\n - powerpc/perf/hv-gpci: Fix starting index value\n (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL\n dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL\n error log event (bsc#1065729).\n\n - powerpc/pseries: Avoid using addr_to_pfn in real mode\n (jsc#SLE-9246 git-fixes).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb\n list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init()\n (bsc#1065729).\n\n - power: supply: bq27xxx: report 'not charging' on all\n types (git-fixes).\n\n - power: supply: max17040: Correct voltage reading\n (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - pwm: img: Fix NULL pointer access in probe (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit\n register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in\n pwm_lpss_prepare() (git-fixes).\n\n - qla2xxx: Return EBUSY on fcport deletion (bsc#1171688).\n\n - qtnfmac: fix resource leaks on unsupported iftype error\n return path (git-fixes).\n\n - r8169: fix data corruption issue on RTL8402\n (bsc#1174098).\n\n - r8169: fix issue with forced threading in combination\n with shared interrupts (git-fixes).\n\n - r8169: fix operation under forced interrupt threading\n (git-fixes).\n\n - rapidio: fix the missed put_device() for\n rio_mport_add_riodev (git-fixes).\n\n - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch:\n (bsc#1177090).\n\n - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch:\n (bsc#1177090).\n\n - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE\n request (bsc#1175621).\n\n - Refresh\n patches.suse/fnic-to-not-call-scsi_done-for-unhandled-co\n mmands.patch (bsc#1168468, bsc#1171675).\n\n - regulator: axp20x: fix LDO2/4 description (git-fixes).\n\n - regulator: defer probe when 
trying to get voltage from\n unresolved supply (git-fixes).\n\n - regulator: resolve supply after creating regulator\n (git-fixes).\n\n - rename Other drivers / Intel IOMMU subsection to IOMMU\n\n - reset: sti: reset-syscfg: fix struct description\n warnings (git-fixes).\n\n - ring-buffer: Return 0 on success from\n ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional\n (bsc#1163592)\n\n - rtc: ds1374: fix possible race condition (git-fixes).\n\n - rtc: rx8010: do not modify the global rtc ops\n (git-fixes).\n\n - rtc: sa1100: fix possible race condition (git-fixes).\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - rtw88: increse the size of rx buffer size (git-fixes).\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177799 LTC#188733).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177801\n LTC#188735).\n\n - s390/pci: Mark all VFs as not implementing\n PCI_COMMAND_MEMORY (bsc#1176979).\n\n - sched/fair: Ignore cache hotness for SMT migration\n (bnc#1155798 (CPU scheduler functional and performance\n backports)).\n\n - sched/fair: Use dst group while checking imbalance for\n NUMA balancer (bnc#1155798 (CPU scheduler functional and\n performance backports)).\n\n - sched/numa: Avoid creating large imbalances at task\n creation time (bnc#1176588).\n\n - sched/numa: Check numa balancing information only when\n enabled (bnc#1176588).\n\n - sched/numa: Use runnable_avg to classify node\n (bnc#1155798 (CPU scheduler functional and performance\n backports)).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe()\n (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of\n transport (bsc#1178166 ltc#188226).\n\n - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while\n calling getpeername() (bsc#1177258).\n\n - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA\n allocations (bsc#1175898, ECO-2743).\n\n - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688\n 
bsc#1174003).\n\n - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688\n bsc#1174003).\n\n - scsi: qla2xxx: Add SLER and PI control support\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe\n devices (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Correct the check for sscanf() return\n value (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix buffer-buffer credit extraction error\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix crash on session cleanup with unload\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in\n qla_dbg.c (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in\n qla_os.c (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in\n tcm_qla2xxx.c (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix I/O errors during LIP reset tests\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix I/O failures during remote port\n toggle testing (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix memory size truncation (bsc#1171688\n bsc#1174003).\n\n - scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688\n bsc#1174003).\n\n - scsi: qla2xxx: Fix point-to-point (N2N) device discovery\n issue (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688\n bsc#1174003).\n\n - scsi: qla2xxx: Honor status qualifier in FCP_RSP per\n spec (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Make tgt_port_database available in\n initiator mode (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Performance tweak (bsc#1171688\n bsc#1174003).\n\n - scsi: qla2xxx: Reduce duplicate code in reporting speed\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Remove unneeded variable 'rval'\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Setup debugfs entries for remote ports\n (bsc#1171688 bsc#1174003).\n\n - scsi: qla2xxx: Update version to 10.02.00.102-k\n (bsc#1171688 bsc#1174003).\n\n - scsi: 
qla2xxx: Update version to 10.02.00.103-k\n (bsc#1171688 bsc#1174003).\n\n - sctp: not disable bh in the whole sctp_get_port_local()\n (networking-stable-20_09_11).\n\n - selftests/timers: Turn off timeout setting (git-fixes).\n\n - serial: 8250: 8250_omap: Terminate DMA before pushing\n data on RX timeout (git-fixes).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning\n (git-fixes).\n\n - serial: 8250_omap: Fix sleeping function called from\n invalid context during probe (git-fixes).\n\n - serial: 8250_port: Do not service RX FIFO if throttled\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - serial: uartps: Wait for tx_empty in console setup\n (git-fixes).\n\n - slimbus: core: check get_addr before removing laddr ida\n (git-fixes).\n\n - slimbus: core: do not enter to clock pause mode in core\n (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down\n callback (git-fixes).\n\n - soc: fsl: qbman: Fix return value on success\n (git-fixes).\n\n - spi: dw-pci: free previously allocated IRQs if\n desc->setup() fails (git-fixes).\n\n - spi: fsl-espi: Only process interrupts for expected\n events (git-fixes).\n\n - spi: omap2-mcspi: Improve performance waiting for CHSTAT\n (git-fixes).\n\n - spi: spi-s3c64xx: Check return values (git-fixes).\n\n - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and\n s3c64xx_enable_datapath() (git-fixes).\n\n - spi: sprd: Release DMA channel also on probe deferral\n (git-fixes).\n\n - spi: stm32: Rate-limit the 'Communication suspended'\n message (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: comedi: check validity of wMaxPacketSize of usb\n endpoints found (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n - staging:r8188eu: avoid skb_clone for amsdu to msdu\n 
conversion (git-fixes).\n\n - staging: rtl8192u: Do not use GFP_KERNEL in atomic\n context (git-fixes).\n\n - SUNRPC: Revert 241b1f419f0e ('SUNRPC: Remove\n xdr_buf_trim()') (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk()\n (git-fixes).\n\n - taprio: Fix allowing too small intervals\n (networking-stable-20_09_24).\n\n -\n target-compare-and-write-backend-driver-sense-handli.pat\n ch: (bsc#1177719).\n\n -\n target-rbd-add-emulate_legacy_capacity-dev-attribute.pat\n ch: (bsc#1177109).\n\n - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090).\n\n -\n target-rbd-conditionally-fix-off-by-one-bug-in-get_b.pat\n ch: (bsc#1177109).\n\n -\n target-rbd-detect-stripe_unit-SCSI-block-size-misali.pat\n ch: (bsc#1177090).\n\n -\n target-rbd-fix-unmap-discard-block-size-conversion.patch\n : (bsc#1177271).\n\n -\n target-rbd-fix-unmap-handling-with-unmap_zeroes_data.pat\n ch: (bsc#1177271).\n\n - target-rbd-support-COMPARE_AND_WRITE.patch:\n (bsc#1177090).\n\n - thermal: rcar_thermal: Handle probe error gracefully\n (git-fixes).\n\n - time: Prevent undefined behaviour in timespec64_to_ns()\n (bsc#1164648).\n\n - tipc: fix memory leak caused by tipc_buf_append()\n (git-fixes).\n\n - tipc: Fix memory leak in tipc_group_create_member()\n (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket\n (networking-stable-20_09_11).\n\n - tipc: fix shutdown() of connection oriented socket\n (networking-stable-20_09_24).\n\n - tipc: fix the skb_unshare() in tipc_buf_append()\n (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()\n (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append()\n (networking-stable-20_09_24).\n\n - tracing: Check return value of __create_val_fields()\n before using its result (git-fixes).\n\n - tracing: Save normal string variables (git-fixes).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char\n 
(git-fixes).\n\n - uio: free uio id after uio file node is freed\n (git-fixes).\n\n - Update config files. Enable ACPI_PCI_SLOT and\n HOTPLUG_PCI_ACPI (bsc#1177194).\n\n - Update patches.suse/target-add-rbd-backend.patch: ().\n (simplify block to byte calculations and use consistent\n error paths)\n\n - USB: adutux: fix debugging (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices\n (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors\n (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add\n wdm_fsync() (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup\n functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode\n (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer\n prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error\n handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove\n driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests\n (git-fixes).\n\n - usb: dwc3: gadget: Resume pending requests after\n CLEAR_STALL (git-fixes).\n\n - usb: dwc3: Increase timeout for CmdAct cleared by device\n controller (git-fixes).\n\n - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method\n for PM functionality (git-fixes).\n\n - usb: dwc3: simple: add support for Hikey 970\n (git-fixes).\n\n - USB: EHCI: ehci-mv: fix error handling in\n mv_ehci_probe() (git-fixes).\n\n - USB: EHCI: ehci-mv: fix less than zero comparison of an\n unsigned int (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus\n gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and\n above (git-fixes).\n\n - USB: gadget: f_ncm: Fix NDP16 datagram validation\n (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as\n well 
(git-fixes).\n\n - usblp: fix race between disconnect() and read()\n (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection\n (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race\n (git-fixes).\n\n - USB: serial: ftdi_sio: add support for FreeCalypso\n JTAG+UART adapters (git-fixes).\n\n - USB: serial: option: add Cellient MPL200 card\n (git-fixes).\n\n - USB: serial: option: Add Telit FT980-KS composition\n (git-fixes).\n\n - USB: serial: pl2303: add device-id for HP GC device\n (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing\n (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - usb: xhci-mtk: Fix typo (git-fixes).\n\n - usb: xhci: omit duplicate actions when suspending a\n runtime suspended host (git-fixes).\n\n - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from\n is_virtfn (bsc#1176979).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from\n Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for\n Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on\n HyperV Gen 1 VMs (bsc#1175306).\n\n - virtio-net: do not disable guest csum when disable LRO\n (git-fixes).\n\n - VMCI: check return value of get_user_pages_fast() for\n errors (git-fixes).\n\n - vmxnet3: fix cksum offload issues for non-udp tunnels\n (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to\n bus error (git-fixes).\n\n - watchdog: Fix memleak in watchdog_cdev_register\n (git-fixes).\n\n - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3\n (git-fixes).\n\n - watchdog: Use put_device on error (git-fixes).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate\n wcn3660/wcn3680 (git-fixes).\n\n - wlcore: fix runtime pm imbalance in wl1271_tx_work\n (git-fixes).\n\n - wlcore: fix runtime pm imbalance 
in\n wlcore_regdomain_config (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time\n processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock\n (bsc#1177755).\n\n - X.509: Add CodeSigning extended key usage parsing\n (bsc#1177353).\n\n - x86/alternative: Do not call text_poke() in lazy TLB\n mode (bsc#1175749).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter\n (bsc#1152489).\n\n - x86/ioapic: Unbreak check_timer() (bsc#1152489).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot\n params (bsc#1175306).\n\n - x86/(mce,mm): Unmap the entire page if the whole page is\n affected and poisoned (bsc#1177765).\n\n - x86/mm: unencrypted non-blocking DMA allocations use\n coherent pools (bsc#1175898, ECO-2743).\n\n - x86/unwind/orc: Fix inactive tasks with stack pointer in\n %sp on GCC 10 compiled kernels (bsc#1176907).\n\n - x86/xen: disable Firmware First mode for correctable\n memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework\n (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent\n unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while\n handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332\n bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of\n events (XSA-332 bsc#1177411).\n\n - xen/events: do not use chip_data for legacy IRQs\n (bsc#1065600).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332\n bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model\n (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event\n channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - 
xen/pciback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pvcallsback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xfs: complain if anyone tries to create a too-large\n buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix high key handling in the rt allocator's\n query_range function (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt\n device (git-fixes).\n\n - xfs: fix xfs_bmap_validate_extent_raw when checking attr\n fork of rt files (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: force the log after remapping a synchronous-writes\n file (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: limit entries returned when counting fsmap records\n (git-fixes).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: set xefi_discard when creating a deferred agfl free\n log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the\n end of the page cache (bsc#1166166).\n\n - xhci: do not create endpoint debugfs entry before ring\n buffer is set (git-fixes).\n\n - xprtrdma: fix incorrect header size calculations\n (git-fixes).\n\n - yam: fix possible memory leak in yam_init_driver\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1164648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1165692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176485\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177285\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177726\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178079\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178395\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954532\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.50.1.lp152.8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.50.1.lp152.8.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-default-base / kernel-default-base-rebuild\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:26:12", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following 
vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. 
This flaw allows a local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.(CVE-2014-8181)A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. 
The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751)The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.(CVE-2020-16166)A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash.\n This flaw allows a local attacker with user privileges to cause a denial of service.(CVE-2020-10769)In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)An issue was discovered in the Linux kernel through 5.7.1.\n drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059.(CVE-2020-13974)go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.(CVE-2019-20810)An issue was discovered in the Linux kernel before 5.0.6. 
In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/ net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.(CVE-2019-20811)An issue was discovered in the Linux kernel before 5.4.7.\n The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.(CVE-2019-20812)A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.(CVE-2020-10732)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8181", "CVE-2019-20810", "CVE-2019-20811", "CVE-2019-20812", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10769", "CVE-2020-12888", "CVE-2020-13974", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14386", "CVE-2020-15393", "CVE-2020-16166", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2353.NASL", "href": 
"https://www.tenable.com/plugins/nessus/142240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142240);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2014-8181\",\n \"CVE-2019-20810\",\n \"CVE-2019-20811\",\n \"CVE-2019-20812\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10769\",\n \"CVE-2020-12888\",\n \"CVE-2020-13974\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14386\",\n \"CVE-2020-15393\",\n \"CVE-2020-16166\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A flaw was found in the\n Linux kernel's implementation of the invert video code\n on VGA consoles when a local attacker attempts to\n resize the console, calling an ioctl VT_RESIZE, which\n causes an out-of-bounds write to occur. This flaw\n allows a local user with access to the VGA console to\n crash the system, potentially escalating their\n privileges on the system. 
The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-14331)A flaw\n was found in the HDLC_PPP module of the Linux kernel in\n versions before 5.9-rc7. Memory corruption and a read\n overflow is caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-25643)A memory out-of-bounds\n read flaw was found in the Linux kernel before 5.9-rc2\n with the ext3/ext4 file system, in the way it accesses\n a directory with broken indexing. This flaw allows a\n local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14314)A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/\n nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)The rbd\n block device driver in drivers/block/rbd.c in the Linux\n kernel through 5.8.9 used incomplete permission\n checking for access to rbd devices, which could be\n leveraged by local attackers to map or unmap rbd block\n devices, aka CID-f44d04e696fe.(CVE-2020-25284)A race\n condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)A flaw was\n found in the Linux kernel before 5.9-rc4. Memory\n corruption can be exploited to gain root privileges\n from unprivileged processes. 
The highest threat from\n this vulnerability is to data confidentiality and\n integrity.(CVE-2020-14386)In the Linux kernel through\n 5.8.7, local attackers able to inject conntrack netlink\n configuration could overflow a local buffer, causing\n crashes or triggering use of incorrect protocol numbers\n in ctnetlink_parse_tuple_filter in net/ netfilter/\n nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)The VFIO PCI driver in\n the Linux kernel through 5.6.13 mishandles attempts to\n access disabled memory space.(CVE-2020-12888)The kernel\n in Red Hat Enterprise Linux 7 and MRG-2 does not clear\n garbage data for SG_IO buffer, which may leaking\n sensitive information to userspace.(CVE-2014-8181)A\n flaw was found in the Linux kernels SELinux LSM hook\n implementation before version 5.7, where it incorrectly\n assumed that an skb would only contain a single netlink\n message. The hook would incorrectly only validate the\n first netlink message in the skb and allow or deny the\n rest of the messages within the skb with the granted\n permission without further\n processing.(CVE-2020-10751)The Linux kernel through\n 5.7.11 allows remote attackers to make observations\n that help to obtain sensitive information about the\n internal state of the network RNG, aka\n CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and\n kernel/time/timer.c.(CVE-2020-16166)A buffer over-read\n flaw was found in RH kernel versions before 5.0 in\n crypto_authenc_extractkeys in crypto/authenc.c in the\n IPsec Cryptographic algorithm's module, authenc. 
When a\n payload longer than 4 bytes, and is not following\n 4-byte alignment boundary guidelines, it causes a\n buffer over-read threat, leading to a system crash.\n This flaw allows a local attacker with user privileges\n to cause a denial of service.(CVE-2020-10769)In the\n Linux kernel through 5.7.6, usbtest_disconnect in\n drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770.(CVE-2020-15393)An issue was\n discovered in the Linux kernel through 5.7.1.\n drivers/tty/vt/keyboard.c has an integer overflow if\n k_ascii is called several times in a row, aka\n CID-b86dab054059.(CVE-2020-13974)go7007_snd_init in\n drivers/media/usb/go7007/snd-go7007.c in the Linux\n kernel before 5.6 does not call snd_card_free for a\n failure path, which causes a memory leak, aka\n CID-9453264ef586.(CVE-2019-20810)An issue was\n discovered in the Linux kernel before 5.0.6. In\n rx_queue_add_kobject() and netdev_queue_add_kobject()\n in net/core/ net-sysfs.c, a reference count is\n mishandled, aka CID-a3e23f719f5c.(CVE-2019-20811)An\n issue was discovered in the Linux kernel before 5.4.7.\n The prb_calc_retire_blk_tmo() function in\n net/packet/af_packet.c can result in a denial of\n service (CPU consumption and soft lockup) in a certain\n failure case involving TPACKET_V3, aka\n CID-b43d1f9f7067.(CVE-2019-20812)A flaw was found in\n the Linux kernel's implementation of Userspace core\n dumps. This flaw allows an attacker with a local\n account to crash a trivial program and exfiltrate\n private kernel data.(CVE-2020-10732)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2353\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae382c7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs 
= [\"kernel-3.10.0-327.62.59.83.h243\",\n \"kernel-debug-3.10.0-327.62.59.83.h243\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h243\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h243\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h243\",\n \"kernel-devel-3.10.0-327.62.59.83.h243\",\n \"kernel-headers-3.10.0-327.62.59.83.h243\",\n \"kernel-tools-3.10.0-327.62.59.83.h243\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h243\",\n \"perf-3.10.0-327.62.59.83.h243\",\n \"python-perf-3.10.0-327.62.59.83.h243\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:24:29", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.\n\nCVE-2019-3874\n\nKernel buffers allocated by the SCTP network protocol were not limited by the memory cgroup controller. A local user could potentially use this to evade container memory limits and to cause a denial of service (excessive memory use).\n\nCVE-2019-19448, CVE-2019-19813, CVE-2019-19816\n\n'Team bobfuzzer' reported bugs in Btrfs that could lead to a use-after-free or heap buffer overflow, and could be triggered by crafted filesystem images. A user permitted to mount and access arbitrary filesystems could use these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-10781\n\nLuca Bruno of Red Hat discovered that the zram control file /sys/class/zram-control/hot_add was readable by all users. 
On a system with zram enabled, a local user could use this to cause a denial of service (memory exhaustion).\n\nCVE-2020-12888\n\nIt was discovered that the PCIe Virtual Function I/O (vfio-pci) driver allowed users to disable a device's memory space while it was still mapped into a process. On some hardware platforms, local users or guest virtual machines permitted to access PCIe Virtual Functions could use this to cause a denial of service (hardware error and crash).\n\nCVE-2020-14314\n\nA bug was discovered in the ext4 filesystem that could lead to an out-of-bound read. A local user permitted to mount and access arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2020-14331\n\nA bug was discovered in the VGA console driver's soft-scrollback feature that could lead to a heap buffer overflow. On a system with a custom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-14356\n\nA bug was discovered in the cgroup subsystem's handling of socket references to cgroups. In some cgroup configurations, this could lead to a use-after-free. A local user might be able to use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-14385\n\nA bug was discovered in XFS, which could lead to an extended attribute (xattr) wrongly being detected as invalid. A local user with access to an XFS filesystem could use this to cause a denial of service (filesystem shutdown).\n\nCVE-2020-14386\n\nOr Cohen discovered a bug in the packet socket (AF_PACKET) implementation which could lead to a heap buffer overflow. 
A local user with the CAP_NET_RAW capability (in any user namespace) could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-14390\n\nMinh Yuan discovered a bug in the framebuffer console driver's scrollback feature that could lead to a heap buffer overflow. On a system using framebuffer consoles, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nThe scrollback feature has been disabled for now, as no other fix was available for this issue.\n\nCVE-2020-16166\n\nAmit Klein reported that the random number generator used by the network stack might not be re-seeded for long periods of time, making e.g. client port number allocations more predictable. This made it easier for remote attackers to carry out some network-based attacks such as DNS cache poisoning or device tracking.\n\nCVE-2020-25212\n\nA bug was discovered in the NFSv4 client implementation that could lead to a heap buffer overflow. A malicious NFS server could use this to cause a denial of service (crash or memory corruption) or possibly to execute arbitrary code on the client.\n\nCVE-2020-25284\n\nIt was discovered that the Rados block device (rbd) driver allowed tasks running as uid 0 to add and remove rbd devices, even if they dropped capabilities. On a system with the rbd driver loaded, this might allow privilege escalation from a container with a task running as root.\n\nCVE-2020-25285\n\nA race condition was discovered in the hugetlb filesystem's sysctl handlers, that could lead to stack corruption. A local user permitted to write to hugepages sysctls could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. By default only the root user can do this.\n\nCVE-2020-25641\n\nThe syzbot tool found a bug in the block layer that could lead to an infinite loop. 
A local user with access to a raw block device could use this to cause a denial of service (unbounded CPU use and possible system hang).\n\nCVE-2020-26088\n\nIt was discovered that the NFC (Near Field Communication) socket implementation allowed any user to create raw sockets. On a system with an NFC interface, this allowed local users to evade local network security policy.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.146-1~deb9u1. This update additionally fixes Debian bugs #966846, #966917, and #968567; and includes many more bug fixes from stable updates 4.19.133-4.19.146 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "Debian DLA-2385-1 : linux-4.19 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19448", "CVE-2019-19813", "CVE-2019-19816", "CVE-2019-3874", "CVE-2020-10781", "CVE-2020-12888", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-16166", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-26088"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", 
"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", 
"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2385.NASL", "href": "https://www.tenable.com/plugins/nessus/140933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2385-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140933);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-19448\", \"CVE-2019-19813\", \"CVE-2019-19816\", \"CVE-2019-3874\", \"CVE-2020-10781\", \"CVE-2020-12888\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-14356\", \"CVE-2020-14385\", \"CVE-2020-14386\", \"CVE-2020-14390\", \"CVE-2020-16166\", \"CVE-2020-25212\", \"CVE-2020-25284\", \"CVE-2020-25285\", \"CVE-2020-25641\", \"CVE-2020-26088\");\n\n script_name(english:\"Debian DLA-2385-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, or information\nleak.\n\nCVE-2019-3874\n\nKernel buffers allocated by the SCTP network protocol were not limited\nby the memory cgroup controller. A local user could potentially use\nthis to evade container memory limits and to cause a denial of service\n(excessive memory use).\n\nCVE-2019-19448, CVE-2019-19813, CVE-2019-19816\n\n'Team bobfuzzer' reported bugs in Btrfs that could lead to a\nuse-after-free or heap buffer overflow, and could be triggered by\ncrafted filesystem images. A user permitted to mount and access\narbitrary filesystems could use these to cause a denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-10781\n\nLuca Bruno of Red Hat discovered that the zram control file\n/sys/class/zram-control/hot_add was readable by all users. 
On a system\nwith zram enabled, a local user could use this to cause a denial of\nservice (memory exhaustion).\n\nCVE-2020-12888\n\nIt was discovered that the PCIe Virtual Function I/O (vfio-pci) driver\nallowed users to disable a device's memory space while it was still\nmapped into a process. On some hardware platforms, local users or\nguest virtual machines permitted to access PCIe Virtual Functions\ncould use this to cause a denial of service (hardware error and\ncrash).\n\nCVE-2020-14314\n\nA bug was discovered in the ext4 filesystem that could lead to an\nout-of-bound read. A local user permitted to mount and access\narbitrary filesystem images could use this to cause a denial of\nservice (crash).\n\nCVE-2020-14331\n\nA bug was discovered in the VGA console driver's soft-scrollback\nfeature that could lead to a heap buffer overflow. On a system with a\ncustom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local\nuser with access to a console could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nCVE-2020-14356\n\nA bug was discovered in the cgroup subsystem's handling of socket\nreferences to cgroups. In some cgroup configurations, this could lead\nto a use-after-free. A local user might be able to use this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2020-14385\n\nA bug was discovered in XFS, which could lead to an extended attribute\n(xattr) wrongly being detected as invalid. A local user with access to\nan XFS filesystem could use this to cause a denial of service\n(filesystem shutdown).\n\nCVE-2020-14386\n\nOr Cohen discovered a bug in the packet socket (AF_PACKET)\nimplementation which could lead to a heap buffer overflow. 
A local\nuser with the CAP_NET_RAW capability (in any user namespace) could use\nthis to cause a denial of service (crash or memory corruption) or\npossibly for privilege escalation.\n\nCVE-2020-14390\n\nMinh Yuan discovered a bug in the framebuffer console driver's\nscrollback feature that could lead to a heap buffer overflow. On a\nsystem using framebuffer consoles, a local user with access to a\nconsole could use this to cause a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nThe scrollback feature has been disabled for now, as no\nother fix was available for this issue.\n\nCVE-2020-16166\n\nAmit Klein reported that the random number generator used by the\nnetwork stack might not be re-seeded for long periods of time, making\ne.g. client port number allocations more predictable. This made it\neasier for remote attackers to carry out some network- based attacks\nsuch as DNS cache poisoning or device tracking.\n\nCVE-2020-25212\n\nA bug was discovered in the NFSv4 client implementation that could\nlead to a heap buffer overflow. A malicious NFS server could use this\nto cause a denial of service (crash or memory corruption) or possibly\nto execute arbitrary code on the client.\n\nCVE-2020-25284\n\nIt was discovered that the Rados block device (rbd) driver allowed\ntasks running as uid 0 to add and remove rbd devices, even if they\ndropped capabilities. On a system with the rbd driver loaded, this\nmight allow privilege escalation from a container with a task running\nas root.\n\nCVE-2020-25285\n\nA race condition was discovered in the hugetlb filesystem's sysctl\nhandlers, that could lead to stack corruption. A local user permitted\nto write to hugepages sysctls could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation. By default only the root user can do this.\n\nCVE-2020-25641\n\nThe syzbot tool found a bug in the block layer that could lead to an\ninfinite loop. 
A local user with access to a raw block device could\nuse this to cause a denial of service (unbounded CPU use and possible\nsystem hang).\n\nCVE-2020-26088\n\nIt was discovered that the NFC (Near Field Communication) socket\nimplementation allowed any user to create raw sockets. On a system\nwith an NFC interface, this allowed local users to evade local network\nsecurity policy.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.146-1~deb9u1. This update additionally fixes Debian bugs #966846,\n#966917, and #968567; and includes many more bug fixes from stable\nupdates 4.19.133-4.19.146 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", 
reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", 
reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", 
reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.146-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.146-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:32", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1578 advisory.\n\n - kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in 
ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-24T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2021:1578)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12464", "CVE-2020-14314", "CVE-2020-14356", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28974", "CVE-2020-35508", "CVE-2020-36322", "CVE-2021-0342"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-stablelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2021-1578.NASL", "href": "https://www.tenable.com/plugins/nessus/149874", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1578. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149874);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-18811\",\n \"CVE-2019-19523\",\n \"CVE-2019-19528\",\n \"CVE-2020-0431\",\n \"CVE-2020-11608\",\n \"CVE-2020-12114\",\n \"CVE-2020-12362\",\n \"CVE-2020-12464\",\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27786\",\n \"CVE-2020-27835\",\n \"CVE-2020-28974\",\n \"CVE-2020-35508\",\n \"CVE-2020-36322\",\n \"CVE-2021-0342\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1578\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2021:1578)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1578 advisory.\n\n - kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver\n (CVE-2019-19523)\n\n - kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver\n (CVE-2019-19528)\n\n - kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n - kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in\n drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\n - kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n 
- kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n - kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n - kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n - kernel: NULL pointer dereference in serial8250_isa_init_ports function in\n drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n - kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n - kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow\n (CVE-2020-25643)\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n - kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n - kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n - kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege\n (CVE-2021-0342)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1578\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-18811', 'CVE-2019-19523', 'CVE-2019-19528', 'CVE-2020-0431', 'CVE-2020-11608', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-12464', 'CVE-2020-14314', 'CVE-2020-14356', 'CVE-2020-15437', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27786', 'CVE-2020-27835', 'CVE-2020-28974', 'CVE-2020-35508', 'CVE-2020-36322', 'CVE-2021-0342');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:1578');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-core-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:10:32", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. 
A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel 
(bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25285", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0452-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0452-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146511);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-10902\",\n 
\"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25285\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. 
A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information 
or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not\nprotect against concurrent access which leads to a double realloc\n(double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()\nhandler in rawmidi.c file. A malicious local attacker could possibly\nuse this for privilege escalation (bnc#1105322).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=969755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-10902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210452-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5c68770\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-452=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-452=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-452=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-452=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-452=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2021-452=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2021-452=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-452=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_138-default-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.138.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:18", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1578 advisory.\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a 
malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. (CVE-2020-11608)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
(CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. 
A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)\n\n - A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-144161459 (CVE-2020-0431)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2021-1578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2020-0431", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12464", "C