CVE-2020-26541

2020-10-02T19:15:00

Description

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

Affected Software

CPE Name	Name	Version
linux:linux_kernel	linux linux kernel	5.8.13

{"id": "CVE-2020-26541", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-26541", "description": "The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.", "published": "2020-10-02T19:15:00", "modified": "2020-10-05T02:17:00", "epss": [{"cve": "CVE-2020-26541", "epss": 0.00048, "percentile": 0.14775, "modified": "2023-06-06"}], "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.6, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26541", "reporter": "cve@mitre.org", "references": ["https://lkml.org/lkml/2020/9/15/1871"], "cvelist": ["CVE-2020-26541"], "immutableFields": [], "lastseen": "2023-06-06T14:41:00", "viewCount": 243, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2570"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-26541"]}, {"type": "ibm", "idList": ["1B4C690B7DA33A4807087B34223ECB27C2AA91A91D536267A98B4BCEEB54A441"]}, {"type": "mageia", "idList": ["MGASA-2021-0347", "MGASA-2021-0348"]}, {"type": "nessus", "idList": ["AL2_ALASKERNEL-5_10-2022-002.NASL", "AL2_ALASKERNEL-5_4-2022-004.NASL", "ALMA_LINUX_ALSA-2021-2570.NASL", "CENTOS8_RHSA-2021-2570.NASL", "EULEROS_SA-2022-1292.NASL", "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "ORACLELINUX_ELSA-2020-5912.NASL", "ORACLELINUX_ELSA-2021-2570.NASL", "REDHAT-RHSA-2021-2570.NASL", "REDHAT-RHSA-2021-2599.NASL", "REDHAT-RHSA-2021-2666.NASL", "REDHAT-RHSA-2021-2718.NASL", "REDHAT-RHSA-2021-2719.NASL", "ROCKY_LINUX_RLSA-2021-2570.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2172-1.NASL", "SUSE_SU-2022-2173-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-2377-1.NASL", "SUSE_SU-2022-2382-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-4561-1.NASL", "SUSE_SU-2022-4611-1.NASL", "UBUNTU_USN-5070-1.NASL", "UBUNTU_USN-5106-1.NASL", "UBUNTU_USN-5120-1.NASL", "UBUNTU_USN-5210-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5912", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2020-5956", "ELSA-2021-2570"]}, {"type": "photon", "idList": ["PHSA-2021-0078", "PHSA-2021-0316", "PHSA-2021-0399", "PHSA-2021-0436", "PHSA-2021-3.0-0316", "PHSA-2021-4.0-0078"]}, {"type": "redhat", "idList": ["RHSA-2021:2438", "RHSA-2021:2570", "RHSA-2021:2599", "RHSA-2021:2666", "RHSA-2021:2718", "RHSA-2021:2719", "RHSA-2021:2920"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-26541"]}, {"type": "rocky", "idList": ["RLSA-2021:2570"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2173-1", "OPENSUSE-SU-2022:2177-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2172-1", "SUSE-SU-2022:2173-1"]}, {"type": "ubuntu", "idList": ["USN-5070-1", "USN-5106-1", "USN-5120-1", "USN-5210-1", "USN-5210-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-26541"]}, {"type": "veracode", "idList": ["VERACODE:31092"]}]}, "score": {"value": 3.6, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-02-02T07:37:04", "tweets": [{"link": "https://twitter.com/linuxlkml/status/1383159049919811584", "text": "/hashtag/kernel?src=hashtag_click Fix for CVE-2020-26541"}, {"link": "https://twitter.com/linuxlkml/status/1383159049919811584", "text": "/hashtag/kernel?src=hashtag_click Fix for CVE-2020-26541"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2570"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-26541"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2020-5912.NASL", "REDHAT-RHSA-2021-2666.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924"]}, {"type": "photon", "idList": ["PHSA-2021-0078", "PHSA-2021-0316", "PHSA-2021-0436"]}, {"type": "redhat", "idList": ["RHSA-2021:2719"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-26541"]}, {"type": "rocky", "idList": ["RLSA-2021:2570"]}, {"type": "ubuntu", "idList": ["USN-5070-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-26541"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}]}, "epss": [{"cve": "CVE-2020-26541", "epss": 0.00048, "percentile": 0.14694, "modified": "2023-05-07"}], "vulnersScore": 3.6}, "_state": {"dependencies": 1686073041, "score": 1686062979, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "82b8996313c517ee9ca2564491a49b45"}, "cna_cvss": {"cna": "MITRE", "cvss": {"3": {"vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "score": 6.5}}}, "cpe": ["cpe:/o:linux:linux_kernel:5.8.13"], "cpe23": ["cpe:2.3:o:linux:linux_kernel:5.8.13:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.8.13", "operator": "le", "name": "linux linux kernel"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.8.13:*:*:*:*:*:*:*", "versionEndIncluding": "5.8.13", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://lkml.org/lkml/2020/9/15/1871", "name": "https://lkml.org/lkml/2020/9/15/1871", "refsource": "MISC", "tags": ["Exploit", "Vendor Advisory"]}], "product_info": [{"vendor": "Linux", "product": "Linux_kernel"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"debiancve": [{"lastseen": "2023-06-06T14:56:45", "description": "The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-02T19:15:00", "type": "debiancve", "title": "CVE-2020-26541", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541"], "modified": "2020-10-02T19:15:00", "id": "DEBIANCVE:CVE-2020-26541", "href": "https://security-tracker.debian.org/tracker/CVE-2020-26541", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-09-13T15:10:09", "description": "The Linux kernel through 5.8.13 does not properly enforce the Secure Boot\nForbidden Signature Database (aka dbx) protection mechanism. This affects\ncerts/blacklist.c and certs/system_keyring.c.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960>\n * <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928679>\n", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-02T00:00:00", "type": "ubuntucve", "title": "CVE-2020-26541", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541"], "modified": "2020-10-02T00:00:00", "id": "UB:CVE-2020-26541", "href": "https://ubuntu.com/security/CVE-2020-26541", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-07-26T13:49:48", "description": "The Linux kernel is vulnerable to Protection Bypass. It does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.\n", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-30T12:18:51", "type": "veracode", "title": "Protection Bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541"], "modified": "2022-04-19T18:42:36", "id": "VERACODE:31092", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31092/summary", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-06-06T15:07:09", "description": "A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-08T06:35:48", "type": "redhatcve", "title": "CVE-2020-26541", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541"], "modified": "2023-04-06T07:55:14", "id": "RH:CVE-2020-26541", "href": "https://access.redhat.com/security/cve/cve-2020-26541", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:31", "description": "[4.18.0-305.7.1_4.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-305.7.1_4]\n- net: zero-initialize tc skb extension on allocation (Ivan Vecera) [1965457 1946986]\n- net/sched: cls_flower: fix only mask bit check in the validate_ct_state (Ivan Vecera) [1965457 1946986]\n- net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb (Ivan Vecera) [1965457 1946986]\n- net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct (Ivan Vecera) [1965457 1946986]\n- net/sched: cls_flower: validate ct_state for invalid and reply flags (Ivan Vecera) [1965457 1946986]\n- flow_dissector: fix TTL and TOS dissection on IPv4 fragments (Paolo Abeni) [1963952 1950288]\n- Revert 'sctp: Fix SHUTDOWN CTSN Ack in the peer restart case' (Xin Long) [1965632 1953839]\n- sctp: do asoc update earlier in sctp_sf_do_dupcook_b (Xin Long) [1965632 1953839]\n- sctp: do asoc update earlier in sctp_sf_do_dupcook_a (Xin Long) [1965632 1953839]\n- Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962544 1962546] {CVE-2021-33034}\n- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (Lenny Szubowicz) [1964930 1934273]\n- x86/kvm: Disable all PV features on crash (Lenny Szubowicz) [1964930 1934273]\n- x86/kvm: Disable kvmclock on all CPUs on shutdown (Lenny Szubowicz) [1964930 1934273]\n- x86/kvm: Teardown PV features on boot CPU as well (Lenny Szubowicz) [1964930 1934273]\n- x86/kvm: Fix pr_info() for async PF setup/teardown (Lenny Szubowicz) [1964930 1934273]\n- net/sched: act_ct: Fix ct template allocation for zone 0 (Marcelo Ricardo Leitner) [1965150 1881824]\n[4.18.0-305.6.1_4]\n- openvswitch: fix stack OOB read while fragmenting IPv4 packets (Davide Caratti) [1963940 1924608]\n- net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets (Davide Caratti) [1963940 1924608]\n- net/sched: act_ct: fix wild memory access when clearing fragments (Davide Caratti) [1963940 1924608]\n- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT (Ivan Vecera)\n- redhat/configs: Add CONFIG_SYSTEM_REVOCATION_KEYS and CONFIG_SYSTEM_REVOCATION_LIST (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}\n- certs: add 'x509_revocation_list' to gitignore (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}\n- integrity: Load mokx variables into the blacklist keyring (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}\n- certs: Add ability to preload revocation certs (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}\n- certs: Move load_system_certificate_list to a common function (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}\n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Vladis Dronov) [1965270 1893793] {CVE-2020-26541}\n- net/sched: cls_api: increase max_reclassify_loop (Davide Caratti) [1965148 1955136]\n- dm writecache: fix performance degradation in ssd mode (Mike Snitzer) [1962241 1961859]\n- scsi: fnic: Use scsi_host_busy_iter() to traverse commands (Ewan D. Milne) [1961705 1949250]\n- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (Ewan D. Milne) [1961705 1949250]\n[4.18.0-305.5.1_4]\n- gfs2: report 'already frozen/thawed' errors (Bob Peterson) [1961849 1932236]\n- gfs2: move freeze glock outside the make_fs_rw and _ro functions (Bob Peterson) [1961849 1932236]\n- gfs2: Add common helper for holding and releasing the freeze glock (Bob Peterson) [1961849 1932236]\n- gfs2: in signal_our_withdraw wait for unfreeze of _this_ fs only (Bob Peterson) [1961849 1932236]\n- gfs2: Don't freeze the file system during unmount (Bob Peterson) [1961849 1932236]\n- gfs2: Fix regression in freeze_go_sync (Bob Peterson) [1961849 1932236]\n- gfs2: The freeze glock should never be frozen (Bob Peterson) [1961849 1932236]\n- gfs2: When freezing gfs2, use GL_EXACT and not GL_NOCACHE (Bob Peterson) [1961849 1932236]\n- gfs2: read-only mounts should grab the sd_freeze_gl glock (Bob Peterson) [1961849 1932236]\n- gfs2: freeze should work on read-only mounts (Bob Peterson) [1961849 1932236]\n- gfs2: Abort gfs2_freeze if io error is seen (Bob Peterson) [1961849 1932236]\n- CI: Disable result checking for realtime check (Veronika Kabatova)\n- CI: Explicitly disable result checking for private CI (Veronika Kabatova)\n- CI: Rename variable (Veronika Kabatova)\n- CI: Update builder containers (Veronika Kabatova)\n[4.18.0-305.4.1_4]\n- vmxnet3: Set the default of vxlan overlay offload to disabled (Cathy Avery) [1960702 1941714]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2021-07-01T00:00:00", "id": "ELSA-2021-2570", "href": "http://linux.oracle.com/errata/ELSA-2021-2570.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:15", "description": "kernel-uek\n[3.8.13-118.51.2]\n- Revert 'kexec: Validate pe files against the system_lacklist_keyring' (John Donnelly) [Orabug: 32171714] {CVE-2020-26541} {CVE-2020-26541}\n[3.8.13-118.51.1]\n- usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351090] {CVE-2019-19530}\n- kexec: Validate pe files against the system_lacklist_keyring (Eric Snowberg) [Orabug: 31961121] {CVE-2020-26541}\n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974695]", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19530", "CVE-2020-26541"], "modified": "2020-12-02T00:00:00", "id": "ELSA-2020-5956", "href": "http://linux.oracle.com/errata/ELSA-2020-5956.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:49", "description": "[4.1.12-124.44.4]\n- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (himanshu.madhani@cavium.com) [Orabug: 32020790]\n[4.1.12-124.44.3]\n- qed: Reduce verbosity of unimplemented MFW messages (Mintz, Yuval) [Orabug: 31959299] \n- kexec: validate pe files against the system_blacklist_keyring (Eric Snowberg) [Orabug: 31961119] {CVE-2020-26541}\n[4.1.12-124.44.2]\n- usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351088] {CVE-2019-19530}\n- net/rds: migration of a delayed initialized port present in down state (Praveen Kumar Kannoju) [Orabug: 31729995] \n- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31835223] \n- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31835223] \n- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aruna Ramakrishna) [Orabug: 31835223] \n- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aruna Ramakrishna) [Orabug: 31835223] \n- mm, page_alloc: remove unnecessary variable from free_pcppages_bulk (Mel Gorman) [Orabug: 31835223] \n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872865] {CVE-2020-25211}\n- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880144] \n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974559]\n[4.1.12-124.44.1]\n- oracleasm: Retrieve d_bdev before dropping inode (Stephen Brennan) [Orabug: 31832592] \n- KVM: VMX: fixes for vmentry_l1d_flush module parameter (Paolo Bonzini) [Orabug: 31962487]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-11-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2019-19530", "CVE-2020-25211", "CVE-2020-25643", "CVE-2020-26541"], "modified": "2020-11-06T00:00:00", "id": "ELSA-2020-5912", "href": "http://linux.oracle.com/errata/ELSA-2020-5912.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:20", "description": "[5.4.17-2036.100.6.1.el8uek]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}\n- KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152} {CVE-2020-27152}\n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339] \n- x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]\n[5.4.17-2036.100.5.el8uek]\n- uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114] \n- uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114] \n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}\n- dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688] \n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302] \n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}\n- nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181] \n- KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433] \n- cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221] \n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626] \n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115] \n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115] \n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115] \n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}\n- bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051] \n- bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051] \n- bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051] \n- bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051] \n- bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051] \n- bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051] \nuses to a more typical style (Joe Perches) [Orabug: 30210051] \n- bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051] \n- bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051] \n- bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051] \n- bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051] \n- bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051] \n- bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051] \n- bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051] \n- bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051] \n- bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051] \n- bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051] \n- bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051] \n- bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051] \n- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051] \n- bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051] \n- bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051] \n- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051] \n- bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051] \n- bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051] \n- bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051] \n- bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051] \n- bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051] \n- bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051] \n- bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051] \n- bcache: don't export symbols (Christoph Hellwig) [Orabug: 30210051] \n- bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051] \n- bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051] \n- bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051] \n- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051] \n- bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051] \n- bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051] \n- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051] \n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669] \n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715] \n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337] \n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}\n- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969] \n- PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596] \n- kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906] \n- arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906] \n- kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906] \n- arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906] \n- arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906] \n- block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023] \n- block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023] \n- dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023] \n- dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023] \n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}\n[5.4.17-2036.100.4.el8uek]\n- xfs: force writes to delalloc regions to unwritten (Darrick J. Wong) [Orabug: 30787888] \n- xfs: properly serialise fallocate against AIO+DIO (Dave Chinner) [Orabug: 31366104] \n- perf/x86/rapl: Add Ice Lake RAPL support (Thomas Tai) [Orabug: 31766610] \n- xfs: attach dquots and reserve quota blocks during unwritten conversion (Darrick J. Wong) [Orabug: 31785972] \n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872853] {CVE-2020-25211}\n- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880140] \n- uek-rpm: streamline 4konly build (Dave Kleikamp) [Orabug: 31891770] \n- bnxt: correct warning: unused variable: 'rc' (John Donnelly) [Orabug: 31907548] \n- i40e: Correct warning: 'aq_ret' may be used uninitialized, (John Donnelly) [Orabug: 31907631] \n- uek-rpm: Add ovmapi.ko to uek6 nano_modules (Joe Jin) [Orabug: 31908852] \n- uek-rpm: config: Enable OVM API (Joe Jin) [Orabug: 31908852] \n- uek-rpm: Fix kernel-ueknano depmod warnings vhost_iotlb regmap-i2c (Vijayendra Suman) [Orabug: 31916879] \n- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (Muchun Song) [Orabug: 31920526] \n- scsi: page warning: 'page' may be used uninitialized. (John Donnelly) [Orabug: 31920671] \n- x86/speculation/taa: Add TAA_MITIGATION_IDLE mode (Patrick Colp) [Orabug: 31921884] \n- oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31927355] \n- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931368] \n- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931368] \n- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931368]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16089", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26541", "CVE-2020-27152", "CVE-2020-8694", "CVE-2020-8695"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-5914", "href": "http://linux.oracle.com/errata/ELSA-2020-5914.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-07-30T06:24:55", "description": "[4.14.35-2025.402.2.1.el7]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:\n 32040805] {CVE-2020-8694} {CVE-2020-8695}\n[4.14.35-2025.402.2.el7]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]\n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]\n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]\n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]\n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]\n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]\n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]\n[4.14.35-2025.402.1.el7]\n- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]\n- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]\n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}\n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]\n- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]\n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}\n- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]\n- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]\n- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]\n- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]\n- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]\n- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]\n- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]\n- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]\n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]\n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]\n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]\n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]\n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}\n- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]\n- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377}\n- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448}\n- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}\n- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]\n- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]\n- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]\n- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]\n- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830]\n- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]\n- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]\n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]\n[4.14.35-2025.402.0.el7]\n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}\n- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}\n- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]\n- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]\n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]\n- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]\n- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]\n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]\n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]\n- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]\n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]\n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]\n- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}\n- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]\n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]\n- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]\n- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]\n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}\n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12380", "CVE-2019-16089", "CVE-2019-19377", "CVE-2019-19448", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26541", "CVE-2020-8694", "CVE-2020-8695"], "modified": "2020-11-12T00:00:00", "id": "ELSA-2020-5924", "href": "http://linux.oracle.com/errata/ELSA-2020-5924.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-07-30T06:24:30", "description": "[4.14.35-2025.402.2.1.el7]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:\n 32040805] {CVE-2020-8694} {CVE-2020-8695}\n[4.14.35-2025.402.2.el7]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]\n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]\n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]\n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]\n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]\n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]\n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]\n[4.14.35-2025.402.1.el7]\n- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]\n- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]\n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}\n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]\n- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]\n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}\n- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]\n- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]\n- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]\n- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]\n- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]\n- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]\n- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]\n- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]\n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]\n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]\n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]\n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]\n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}\n- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]\n- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377}\n- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448}\n- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}\n- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]\n- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]\n- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]\n- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]\n- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830]\n- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]\n- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]\n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]\n[4.14.35-2025.402.0.el7]\n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}\n- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}\n- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]\n- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]\n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]\n- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]\n- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]\n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]\n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]\n- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]\n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]\n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]\n- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}\n- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]\n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]\n- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]\n- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]\n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}\n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12380", "CVE-2019-16089", "CVE-2019-19377", "CVE-2019-19448", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26541", "CVE-2020-8694", "CVE-2020-8695"], "modified": "2020-11-12T00:00:00", "id": "ELSA-2020-5923", "href": "http://linux.oracle.com/errata/ELSA-2020-5923.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-07-30T06:24:52", "description": "[4.14.35-2025.402.2.1]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695}\n[4.14.35-2025.402.2]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] \n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] \n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] \n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] \n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] \n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] \n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]\n[4.14.35-2025.402.1]\n- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] \n- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] \n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}\n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] \n- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] \n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}\n- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] \n- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] \n- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] \n- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] \n- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] \n- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] \n- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] \n- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] \n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] \n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] \n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] \n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] \n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}\n- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] \n- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} {CVE-2019-19377} {CVE-2019-19377}\n- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} {CVE-2019-19448}\n- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}\n- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] \n- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] \n- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] \n- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] \n- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] \n- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] \n- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] \n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]\n[4.14.35-2025.402.0]\n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}\n- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}\n- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] \n- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] \n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] \n- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] \n- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] \n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] \n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] \n- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] \n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] \n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] \n- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}\n- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] \n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] \n- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] \n- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] \n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}\n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12380", "CVE-2019-16089", "CVE-2019-19377", "CVE-2019-19448", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26541", "CVE-2020-8694", "CVE-2020-8695"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-5913", "href": "http://linux.oracle.com/errata/ELSA-2020-5913.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}], "photon": [{"lastseen": "2022-05-12T18:55:09", "description": "Updates of ['linux', 'linux-secure', 'linux-aws', 'linux-rt'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-26T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0078", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-35039"], "modified": "2021-07-26T00:00:00", "id": "PHSA-2021-0078", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-78", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-29T06:46:06", "description": "Updates of ['linux-rt', 'linux-aws', 'linux', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0078", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-35039"], "modified": "2021-08-10T00:00:00", "id": "PHSA-2021-4.0-0078", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-78", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:39:44", "description": "Updates of ['redis', 'linux-rt', 'linux-esx', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0316", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-32672", "CVE-2021-34556", "CVE-2021-35477", "CVE-2021-40490", "CVE-2021-42252"], "modified": "2021-10-19T00:00:00", "id": "PHSA-2021-0316", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-316", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-29T08:05:00", "description": "Updates of ['linux-esx', 'linux-rt', 'redis', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0316", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20320", "CVE-2021-32672", "CVE-2021-34556", "CVE-2021-35477", "CVE-2021-3743", "CVE-2021-3753", "CVE-2021-39633", "CVE-2021-40490", "CVE-2021-42252", "CVE-2022-20141"], "modified": "2021-10-19T00:00:00", "id": "PHSA-2021-3.0-0316", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-316", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T16:12:26", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-09-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0436", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10781", "CVE-2020-14385", "CVE-2020-26541", "CVE-2020-27835", "CVE-2020-35513", "CVE-2020-36310", "CVE-2020-36311", "CVE-2021-3653", "CVE-2021-3679", "CVE-2021-38204", "CVE-2021-40490", "CVE-2021-42008"], "modified": "2021-09-17T00:00:00", "id": "PHSA-2021-0436", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-436", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-25T14:21:20", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2666 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:2666)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-2666.NASL", "href": "https://www.tenable.com/plugins/nessus/151454", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2666. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151454);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n script_xref(name:\"RHSA\", value:\"2021:2666\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:2666)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2666 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 347, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-33034');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2666');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.51.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.51.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2599 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-29T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/151137", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2599. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151137);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n script_xref(name:\"RHSA\", value:\"2021:2599\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:2599)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2599 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 347, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-33034');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2599');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.7.1.rt7.79.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.7.1.rt7.79.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:18", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2570 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2021:2570)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-2570.NASL", "href": "https://www.tenable.com/plugins/nessus/157473", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:2570.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157473);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n script_xref(name:\"ALSA\", value:\"2021:2570\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2021:2570)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:2570 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-2570.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-33034');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2021:2570');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:58", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2570 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2021-2570)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2021-2570.NASL", "href": "https://www.tenable.com/plugins/nessus/151218", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2570.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151218);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2021-2570)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-2570 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2570.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-305.7.1.el8_4'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-2570');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:18:55", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2570 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-29T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:2570)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-2570.NASL", "href": "https://www.tenable.com/plugins/nessus/151138", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2570. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151138);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n script_xref(name:\"RHSA\", value:\"2021:2570\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:2570)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2570 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 347, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-33034');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2570');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.7.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.7.1.el8_4', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.7.1.el8_4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.7.1.el8_4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.7.1.el8_4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.7.1.el8_4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:19", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2570 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-03T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2021:2570)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-stablelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2021-2570.NASL", "href": "https://www.tenable.com/plugins/nessus/151365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2570. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151365);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n script_xref(name:\"RHSA\", value:\"2021:2570\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2021:2570)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:2570 advisory.\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2570\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-26541', 'CVE-2021-33034');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:2570');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:07", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2570 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel (RLSA-2021:2570)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-33034"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:bpftool", "p-cpe:/a:rocky:linux:bpftool-debuginfo", "p-cpe:/a:rocky:linux:kernel", "p-cpe:/a:rocky:linux:kernel-abi-stablelists", "p-cpe:/a:rocky:linux:kernel-core", "p-cpe:/a:rocky:linux:kernel-cross-headers", "p-cpe:/a:rocky:linux:kernel-debug", "p-cpe:/a:rocky:linux:kernel-debug-core", "p-cpe:/a:rocky:linux:kernel-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-debug-devel", "p-cpe:/a:rocky:linux:kernel-debug-modules", "p-cpe:/a:rocky:linux:kernel-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-debuginfo", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-devel", "p-cpe:/a:rocky:linux:kernel-headers", "p-cpe:/a:rocky:linux:kernel-modules", "p-cpe:/a:rocky:linux:kernel-modules-extra", "p-cpe:/a:rocky:linux:kernel-tools", "p-cpe:/a:rocky:linux:kernel-tools-debuginfo", "p-cpe:/a:rocky:linux:kernel-tools-libs", "p-cpe:/a:rocky:linux:kernel-tools-libs-devel", "p-cpe:/a:rocky:linux:perf", "p-cpe:/a:rocky:linux:perf-debuginfo", "p-cpe:/a:rocky:linux:python3-perf", "p-cpe:/a:rocky:linux:python3-perf-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-2570.NASL", "href": "https://www.tenable.com/plugins/nessus/157825", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2570.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157825);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-26541\", \"CVE-2021-33034\");\n script_xref(name:\"RLSA\", value:\"2021:2570\");\n\n script_name(english:\"Rocky Linux 8 : kernel (RLSA-2021:2570)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:2570 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1886285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1961305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26541\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-33034');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2021:2570');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.7.1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-305.7.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:54:36", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2173-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-25T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2173-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2022-1966", "CVE-2022-1974", "CVE-2022-1975"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_76-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2173-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162539", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2173-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162539);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2022-1966\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2173-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2173-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:2173-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition\n between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN\n privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by\n simulating a nfc device from user-space. (CVE-2022-1975)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011347.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7426697b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1966\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_76-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_76-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_76-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:20:50", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2718 advisory.\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:2718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25704", "CVE-2020-26541", "CVE-2020-35508", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2023-05-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel"], "id": "REDHAT-RHSA-2021-2718.NASL", "href": "https://www.tenable.com/plugins/nessus/151857", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2718. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151857);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-25704\",\n \"CVE-2020-26541\",\n \"CVE-2020-35508\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2718\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:2718)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2718 advisory.\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970273\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 347, 400, 401, 416, 665, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-25704', 'CVE-2020-26541', 'CVE-2020-35508', 'CVE-2021-33034', 'CVE-2021-33909');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2718');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.60.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.60.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2719 advisory.\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:2719)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25704", "CVE-2020-26541", "CVE-2020-35508", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-2719.NASL", "href": "https://www.tenable.com/plugins/nessus/151856", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2719. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151856);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-25704\",\n \"CVE-2020-26541\",\n \"CVE-2020-35508\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2719\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:2719)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2719 advisory.\n\n - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n - kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)\n\n - kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970273\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 347, 400, 401, 416, 665, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-25704', 'CVE-2020-26541', 'CVE-2020-35508', 'CVE-2021-33034', 'CVE-2021-33909');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2719');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.60.2.rt13.112.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:42:48", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5106-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)\n\n - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:\n the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.\n (CVE-2021-38160)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation. (CVE-2021-41073)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-07T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5106-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-22543", "CVE-2021-3612", "CVE-2021-38160", "CVE-2021-38199", "CVE-2021-41073"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.10.0-1049-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.10.0-1049-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1049-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.10.0-1049-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.10.0-1049-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-headers-5.10.0-1049", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-5.10.0-1049", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.10.0-1049-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04b"], "id": "UBUNTU_USN-5106-1.NASL", "href": "https://www.tenable.com/plugins/nessus/153908", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5106-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153908);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-3612\",\n \"CVE-2021-22543\",\n \"CVE-2021-38160\",\n \"CVE-2021-38199\",\n \"CVE-2021-41073\"\n );\n script_xref(name:\"USN\", value:\"5106-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5106-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5106-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass\n RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users\n with the ability to start and control a VM to read/write random pages of memory and can result in local\n privilege escalation. (CVE-2021-22543)\n\n - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss\n can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:\n the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the\n length validation was added solely for robustness in the face of anomalous host OS behavior.\n (CVE-2021-38160)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which\n allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for\n those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain\n privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by\n using /proc//maps for exploitation. (CVE-2021-41073)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5106-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41073\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.10.0-1049-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.10.0-1049-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1049-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.10.0-1049-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.10.0-1049-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-headers-5.10.0-1049\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-5.10.0-1049\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.10.0-1049-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04b\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-3612', 'CVE-2021-22543', 'CVE-2021-38160', 'CVE-2021-38199', 'CVE-2021-41073');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5106-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.10.0-1049-oem', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.10.0-1049-oem', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04-edge', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04b', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.10.0-1049-oem', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04-edge', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04b', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.10.0-1049-oem', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.10.0-1049-oem', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04-edge', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04b', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.10-headers-5.10.0-1049', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.10-tools-5.10.0-1049', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.10-tools-host', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.10.0-1049-oem', 'pkgver': '5.10.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04-edge', 'pkgver': '5.10.0.1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04b', 'pkgver': '5.10.0.1049.51'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-buildinfo-5.10.0-1049-oem / linux-headers-5.10.0-1049-oem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:18", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5912 advisory.\n\n - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. (CVE-2016-7913)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. (CVE-2016-7917)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5912)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2019-19530", "CVE-2020-25211", "CVE-2020-25643", "CVE-2020-26541"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5912.NASL", "href": "https://www.tenable.com/plugins/nessus/142483", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5912.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142483);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-7913\",\n \"CVE-2016-7917\",\n \"CVE-2019-19530\",\n \"CVE-2020-25211\",\n \"CVE-2020-25643\",\n \"CVE-2020-26541\"\n );\n script_bugtraq_id(94147, 94201);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5912)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5912 advisory.\n\n - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6\n allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data structure. (CVE-2016-7913)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not\n check whether a batch message's length field is large enough, which allows local users to obtain sensitive\n information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by\n leveraging the CAP_NET_ADMIN capability. (CVE-2016-7917)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5912.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7913\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.44.4.el6uek', '4.1.12-124.44.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5912');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.44.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.44.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.44.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.44.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.44.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.44.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.44.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.44.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.44.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.44.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.44.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.44.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:24:14", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5210-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5210-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2023-07-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1029", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1029", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1029", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1010", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1010", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1051", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1051", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1048", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1048", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-cloud-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-headers-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04"], "id": "UBUNTU_USN-5210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156481", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5210-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156481);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-3760\",\n \"CVE-2021-4002\",\n \"CVE-2021-20321\",\n \"CVE-2021-41864\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5210-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5210-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5210-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5210-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-41864\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-cloud-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-headers-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1029\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1029\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1029\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1010\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1010\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1051\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1051\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'linux-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-cloud-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-headers-5.4.0-1061', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-cloud-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-headers-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-headers-5.4.0-1057', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-tools-5.4.0-1057', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-cloud-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-headers-5.4.0-1029', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-source-5.4.0', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-5.4.0-92', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-common', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-headers-5.4.0-92', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-source-5.4.0', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-5.4.0-92', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-common', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '20.04', 'pkgname': 'linux-aws-cloud-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-aws-headers-5.4.0-1061', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-aws-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-azure-cloud-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-azure-headers-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-azure-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield-headers-5.4.0-1023', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield-tools-5.4.0-1023', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-92', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-gke-headers-5.4.0-1057', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-gke-tools-5.4.0-1057', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-cloud-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-headers-5.4.0-1029', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-source-5.4.0', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-headers-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-cloud-tools-common', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-headers-5.4.0-1010', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-source-5.4.0', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-5.4.0-1010', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-common', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-headers-5.4.0-1051', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-tools-5.4.0-1051', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-libc-dev', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1-tools-host', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oem-tools-host', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-headers-5.4.0-1048', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-tools-5.4.0-1048', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-source', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-source-5.4.0', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-tools-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-common', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-host', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-5.4-cloud-tools-5.4.0-1061 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T16:44:32", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2172-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-25T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2172-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2022-1012", "CVE-2022-1966", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-20141", "CVE-2022-32250"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2172-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162538", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2172-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162538);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2022-1012\",\n \"CVE-2022-1966\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-20141\",\n \"CVE-2022-32250\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2172-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2172-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2172-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition\n between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN\n privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by\n simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32250\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011346.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca7492b1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.62.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.62.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.62.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.62.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.62.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'kernel-azure-5.3.18-150300.38.62.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.62.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.62.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.62.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.62.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:55", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5120-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). (CVE-2019-19449)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. (CVE-2020-36311)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. (CVE-2021-38207)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-22T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5120-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19449", "CVE-2020-26541", "CVE-2020-36311", "CVE-2021-22543", "CVE-2021-3612", "CVE-2021-3759", "CVE-2021-38199", "CVE-2021-38207", "CVE-2021-40490"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-cloud-tools-5.8.0-1043", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-headers-5.8.0-1043", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-tools-5.8.0-1043", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.8.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure"], "id": "UBUNTU_USN-5120-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154338", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5120-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154338);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2019-19449\",\n \"CVE-2020-26541\",\n \"CVE-2020-36311\",\n \"CVE-2021-3612\",\n \"CVE-2021-3759\",\n \"CVE-2021-22543\",\n \"CVE-2021-38199\",\n \"CVE-2021-38207\",\n \"CVE-2021-40490\"\n );\n script_xref(name:\"USN\", value:\"5120-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5120-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5120-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read\n access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in\n fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). (CVE-2019-19449)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering\n many encrypted regions), aka CID-7be74942f184. (CVE-2020-36311)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass\n RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users\n with the ability to start and control a VM to read/write random pages of memory and can result in local\n privilege escalation. (CVE-2021-22543)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which\n allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for\n those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to\n cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten\n minutes. (CVE-2021-38207)\n\n - A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in\n the Linux kernel through 5.13.13. (CVE-2021-40490)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5120-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3612\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-cloud-tools-5.8.0-1043\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-headers-5.8.0-1043\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-tools-5.8.0-1043\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.8.0-1043-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19449', 'CVE-2020-26541', 'CVE-2020-36311', 'CVE-2021-3612', 'CVE-2021-3759', 'CVE-2021-22543', 'CVE-2021-38199', 'CVE-2021-38207', 'CVE-2021-40490');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5120-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-azure', 'pkgver': '5.8.0.1043.46~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.8-cloud-tools-5.8.0-1043', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.8-headers-5.8.0-1043', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.8-tools-5.8.0-1043', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.8.0.1043.46~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.8.0.1043.46~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1043.46~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.8.0.1043.46~20.04.15'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.8.0-1043-azure', 'pkgver': '5.8.0-1043.46~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.8.0.1043.46~20.04.15'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-azure / linux-azure-5.8-cloud-tools-5.8.0-1043 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:14", "description": "The remote Ubuntu 20.04 LTS / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5070-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)\n\n - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)\n\n - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)\n\n - arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a perf record command. (CVE-2021-38200)\n\n - The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates. (CVE-2021-38206)\n\n - drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. (CVE-2021-38207)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-09T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.04 : Linux kernel vulnerabilities (USN-5070-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-22543", "CVE-2021-34693", "CVE-2021-3612", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-38198", "CVE-2021-38200", "CVE-2021-38206", "CVE-2021-38207"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-cloud-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-headers-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-cloud-tools-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1015-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-5.11.0-34", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-headers-5.11.0-34", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-source-5.11.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-5.11.0-34", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1015-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-headers-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.11.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.11.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1015-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-headers-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-tools-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1015-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-34", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.11.0-1018", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.11.0-1018", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1015-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1018-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-34-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-34-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-34-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.11.0-1015", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1015-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1015-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge"], "id": "UBUNTU_USN-5070-1.NASL", "href": "https://www.tenable.com/plugins/nessus/153174", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5070-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153174);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-3612\",\n \"CVE-2021-3653\",\n \"CVE-2021-3656\",\n \"CVE-2021-22543\",\n \"CVE-2021-34693\",\n \"CVE-2021-38198\",\n \"CVE-2021-38200\",\n \"CVE-2021-38206\",\n \"CVE-2021-38207\"\n );\n script_xref(name:\"USN\", value:\"5070-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.04 : Linux kernel vulnerabilities (USN-5070-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.04 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5070-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass\n RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users\n with the ability to start and control a VM to read/write random pages of memory and can result in local\n privilege escalation. (CVE-2021-22543)\n\n - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from\n kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)\n\n - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access\n permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)\n\n - arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1\n and no specific PMU driver support registered, allows local users to cause a denial of service\n (perf_instruction_pointer NULL pointer dereference and OOPS) via a perf record command. (CVE-2021-38200)\n\n - The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used,\n allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by\n injecting a frame with 802.11a rates. (CVE-2021-38206)\n\n - drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to\n cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten\n minutes. (CVE-2021-38207)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5070-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-cloud-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-headers-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-cloud-tools-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-headers-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-tools-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1015-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1017-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.11.0-1018\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.11.0-1018\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1015-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1017-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-5.11.0-34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-headers-5.11.0-34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-source-5.11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-5.11.0-34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1015-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1017-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1015-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-34-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.11.0-1015\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1015-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1017-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-headers-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.11.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1015-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1015-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1017-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1018-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-34-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-26541', 'CVE-2021-3612', 'CVE-2021-3653', 'CVE-2021-3656', 'CVE-2021-22543', 'CVE-2021-34693', 'CVE-2021-38198', 'CVE-2021-38200', 'CVE-2021-38206', 'CVE-2021-38207');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5070-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-aws', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.11-cloud-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.11-headers-5.11.0-1017', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.11-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-edge', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.11-cloud-tools-5.11.0-1015', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.11-headers-5.11.0-1015', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.11-tools-5.11.0-1015', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.11.0.1015.16~20.04.14'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.11.0.1015.16~20.04.14'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-edge', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.11.0.1015.16~20.04.14'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-cloud-tools-5.11.0-34', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-cloud-tools-common', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-headers-5.11.0-34', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-source-5.11.0', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-tools-5.11.0-34', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-tools-common', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-tools-host', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.11.0.1015.16~20.04.14'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-edge', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.11.0.1015.16~20.04.14'},\n {'osver': '20.04', 'pkgname': 'linux-oracle', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.11-headers-5.11.0-1017', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.11-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-34-generic', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-edge', 'pkgver': '5.11.0.1017.18~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.11.0.1015.16~20.04.14'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.11.0.1017.18~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36~20.04.13'},\n {'osver': '21.04', 'pkgname': 'linux-aws', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-aws-cloud-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-aws-headers-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-aws-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-azure', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-azure-cloud-tools-5.11.0-1015', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-azure-headers-5.11.0-1015', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-azure-tools-5.11.0-1015', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1015-kvm', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1017-raspi', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1017-raspi-nolpae', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-34', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-gcp', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-gcp-headers-5.11.0-1018', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-gcp-tools-5.11.0-1018', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-generic', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-64k', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-gke', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1015-kvm', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1017-raspi', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1017-raspi-nolpae', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-34', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-64k', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-gke', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-headers-raspi-nolpae', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-headers-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1015-kvm', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1017-raspi', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1017-raspi-nolpae', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1015-kvm', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-kvm', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-kvm-headers-5.11.0-1015', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-kvm-tools-5.11.0-1015', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-libc-dev', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-lowlatency', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1015-kvm', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1017-raspi', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1017-raspi-nolpae', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-oracle', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-oracle-headers-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-oracle-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-raspi', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-raspi-headers-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-raspi-nolpae', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-raspi-tools-5.11.0-1017', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-source', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-source-5.11.0', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1015-azure', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1015-kvm', 'pkgver': '5.11.0-1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1017-aws', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1017-oracle', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1017-raspi', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1017-raspi-nolpae', 'pkgver': '5.11.0-1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1018-gcp', 'pkgver': '5.11.0-1018.20'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-34', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-34-generic', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-34-generic-64k', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-34-generic-lpae', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-34-lowlatency', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-tools-common', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-64k', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-gke', 'pkgver': '5.11.0.1018.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-host', 'pkgver': '5.11.0-34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.11.0.1015.16'},\n {'osver': '21.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.11.0.1017.18'},\n {'osver': '21.04', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-tools-raspi-nolpae', 'pkgver': '5.11.0.1017.15'},\n {'osver': '21.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-tools-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-virtual', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.11.0.34.36'},\n {'osver': '21.04', 'pkgname': 'linux-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.34.36'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-5.11-cloud-tools-5.11.0-1017 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:43", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel (CVE-2021-0929)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2020-29569", "CVE-2021-0920", "CVE-2021-0929", "CVE-2021-0941", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4157"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/158524", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158524);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2020-29569\",\n \"CVE-2021-0920\",\n \"CVE-2021-0929\",\n \"CVE-2021-0941\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4157\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1292)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory\n due to a use after free. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-187527909References: Upstream kernel (CVE-2021-0929)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1292\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0f600e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h638.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h638.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h638.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h638.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:46:38", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5913 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2020-8695)\n\n - An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. (CVE-2019-16089)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5.\n phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it..\n (CVE-2019-12380)\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12380", "CVE-2019-16089", "CVE-2019-19377", "CVE-2019-19448", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26541", "CVE-2020-8694", "CVE-2020-8695"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel"], "id": "ORACLELINUX_ELSA-2020-5913.NASL", "href": "https://www.tenable.com/plugins/nessus/180881", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5913.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180881);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2019-12380\",\n \"CVE-2019-16089\",\n \"CVE-2019-19377\",\n \"CVE-2019-19448\",\n \"CVE-2020-8694\",\n \"CVE-2020-8695\",\n \"CVE-2020-14356\",\n \"CVE-2020-14385\",\n \"CVE-2020-14390\",\n \"CVE-2020-25211\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-26541\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5913)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5913 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found\n in the way when reboot the system. A local user could use this flaw to crash the system or escalate their\n privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\n - An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does\n not check the nla_nest_start_noflag return value. (CVE-2019-16089)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5.\n phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not\n being an issue because All the code touched by the referenced commit runs only at boot, before any user\n processes are started. Therefore, there is no possibility for an unprivileged user to control it..\n (CVE-2019-12380)\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some\n operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in\n fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to\n a right data structure. (CVE-2019-19448)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5913.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14356\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2025.402.2.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5913');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-doc-4.14.35-2025.402.2.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-4.14.35'},\n {'reference':'python-perf-4.14.35-2025.402.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2025.402.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.402.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.402.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.402.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.402.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:50", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 (CVE-2021-0605)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out- of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.\n (CVE-2021-3501)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2022-0059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0466", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-26541", "CVE-2020-28374", "CVE-2021-0605", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3347", "CVE-2021-33909", "CVE-2021-3501"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:bpftool", "p-cpe:/a:zte:cgsl_main:bpftool-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-core", "p-cpe:/a:zte:cgsl_main:kernel-cross-headers", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-core", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debug-modules", "p-cpe:/a:zte:cgsl_main:kernel-debug-modules-extra", "p-cpe:/a:zte:cgsl_main:kernel-debug-modules-internal", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-ipaclones-internal", "p-cpe:/a:zte:cgsl_main:kernel-modules", "p-cpe:/a:zte:cgsl_main:kernel-modules-extra", "p-cpe:/a:zte:cgsl_main:kernel-modules-internal", "p-cpe:/a:zte:cgsl_main:kernel-selftests-internal", "p-cpe:/a:zte:cgsl_main:kernel-sign-keys", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python3-perf", "p-cpe:/a:zte:cgsl_main:python3-perf-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160868", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0059. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160868);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0466\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-26541\",\n \"CVE-2020-28374\",\n \"CVE-2021-0605\",\n \"CVE-2021-3347\",\n \"CVE-2021-3501\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-32399\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2022-0059)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This\n could lead to local information disclosure in the kernel with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476\n (CVE-2021-0605)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer\n allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an\n unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API,\n is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-\n of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.\n (CVE-2021-3501)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0059\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0466\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-32399\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3501\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-modules-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-ipaclones-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-modules-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-selftests-internal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'bpftool-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-abi-whitelists-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-cross-headers-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-core-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-modules-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debug-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-debuginfo-common-x86_64-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-ipaclones-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-selftests-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-sign-keys-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'kernel-tools-libs-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'perf-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3',\n 'python3-perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.g5b12072c3'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T15:01:32", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2377-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2377-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163059", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2377-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163059);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2377-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2377-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011520.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b1c4cb5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.103.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.103.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-azure-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.103.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.103.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.103.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T08:42:20", "description": "The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2382-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:2382-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-4157", "CVE-2022-1012", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2382-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163096", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2382-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163096);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2022-1012\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2382-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:2382-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:2382-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011539.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32de157b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLED_SAP12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.5', 'sle-ha-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.127.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.127.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.127.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.127.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_127-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.127.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5', 'sled-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.127.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5', 'sled-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.127.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.127.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T08:43:32", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2407-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2407-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_95-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2407-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163363", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2407-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163363);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2407-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2407-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2407-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011557.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e31ff85\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_95-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'dlm-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'gfs2-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-livepatch-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-livepatch-4_12_14-150000_150_95-default-1-150000.1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'ocfs2-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'cluster-md-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15', 'sle-ha-release-15', 'sles-release-15']},\n {'reference':'dlm-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15', 'sle-ha-release-15', 'sles-release-15']},\n {'reference':'gfs2-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15', 'sle-ha-release-15', 'sles-release-15']},\n {'reference':'kernel-default-livepatch-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15', 'sle-module-live-patching-release-15', 'sles-release-15']},\n {'reference':'kernel-livepatch-4_12_14-150000_150_95-default-1-150000.1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15', 'sle-module-live-patching-release-15', 'sles-release-15']},\n {'reference':'ocfs2-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15', 'sle-ha-release-15', 'sles-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-man-4.12.14-150000.150.95.1', 'sp':'0', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.95.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:23:50", "description": "The version of kernel installed on the remote host is prior to 5.4.129-62.227. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-004 advisory.\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. (CVE-2020-26558)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)\n\n - An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3506)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26141", "CVE-2020-26145", "CVE-2020-26147", "CVE-2020-26541", "CVE-2020-26558", "CVE-2021-0129", "CVE-2021-22543", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-34693", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-38208"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo"], "id": "AL2_ALASKERNEL-5_4-2022-004.NASL", "href": "https://www.tenable.com/plugins/nessus/160440", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-004.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160440);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26141\",\n \"CVE-2020-26145\",\n \"CVE-2020-26147\",\n \"CVE-2020-26541\",\n \"CVE-2020-26558\",\n \"CVE-2021-0129\",\n \"CVE-2021-3506\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-22543\",\n \"CVE-2021-32399\",\n \"CVE-2021-33034\",\n \"CVE-2021-34693\",\n \"CVE-2021-38208\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.129-62.227. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-004 advisory.\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby\n man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication\n procedure) by reflection of the public key and the authentication evidence of the initiating device,\n potentially permitting this attacker to complete authenticated pairing with the responding device using\n the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit\n at a time. (CVE-2020-26558)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2021-0129)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass\n RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users\n with the ability to start and control a VM to read/write random pages of memory and can result in local\n privilege escalation. (CVE-2021-22543)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from\n kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)\n\n - An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux\n kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to\n out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest\n threat from this vulnerability is to system availability. (CVE-2021-3506)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial\n of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure\n of a bind call. (CVE-2021-38208)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-24586.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-24587.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-24588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-26139.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-26141.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-26145.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-26147.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-26541.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-26558.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-0129.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-22543.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-32399.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33034.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-34693.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3506.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3564.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3573.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38208.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3573\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-26139\", \"CVE-2020-26141\", \"CVE-2020-26145\", \"CVE-2020-26147\", \"CVE-2020-26541\", \"CVE-2020-26558\", \"CVE-2021-0129\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-22543\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-34693\", \"CVE-2021-38208\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-004\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.129-62.227.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.129-62.227.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.129-62.227.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T19:02:02", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2393-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2393-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19377", "CVE-2020-26541", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1184", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-21499", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default"], "id": "SUSE_SU-2022-2393-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163241", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2393-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163241);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2019-19377\",\n \"CVE-2020-26541\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1184\",\n \"CVE-2022-1679\",\n \"CVE-2022-1729\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-21499\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2393-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2393-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2393-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged\n user to gain root privileges. The bug allows to build several exploit primitives such as kernel address\n information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition\n between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN\n privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by\n simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1162338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1162369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011546.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae37e6c0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.4', 'sle-ha-release-12.4', 'sles-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.102.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.102.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.102.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_102-default-1-6.3.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.102.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.102.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T16:50:48", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2177-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-25T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2177-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19377", "CVE-2020-26541", "CVE-2021-33061", "CVE-2022-0168", "CVE-2022-1184", "CVE-2022-1652", "CVE-2022-1729", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-20008", "CVE-2022-20141", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-21180", "CVE-2022-30594", "CVE-2022-32250"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2177-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162531", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2177-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162531);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2019-19377\",\n \"CVE-2020-26541\",\n \"CVE-2021-33061\",\n \"CVE-2022-0168\",\n \"CVE-2022-1184\",\n \"CVE-2022-1652\",\n \"CVE-2022-1729\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-20008\",\n \"CVE-2022-20141\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-21180\",\n \"CVE-2022-30594\",\n \"CVE-2022-32250\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2177-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2177-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2177-1 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an\n authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged\n user to gain root privileges. The bug allows to build several exploit primitives such as kernel address\n information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition\n between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN\n privilege to leak kernel information. (CVE-2022-1974)\n\n - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by\n simulating a nfc device from user-space. (CVE-2022-1975)\n\n - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized\n data. This could lead to local information disclosure if reading from an SD card that triggers errors,\n with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially\n cause a denial of service via local access. (CVE-2022-21180)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers\n to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1103269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1118212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21125\");\n script_set_attribu

CVE-2020-26541

Description

Affected Software

Related