DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-27777", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-27777", "description": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.", "published": "2020-12-15T17:15:00", "modified": "2023-10-05T14:29:00", "epss": [{"cve": "CVE-2020-27777", "epss": 0.00042, "percentile": 0.0573, "modified": "2023-12-03"}], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777", "reporter": "secalert@redhat.com", "references": ["https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764", "https://www.openwall.com/lists/oss-security/2020/11/23/2", "https://www.openwall.com/lists/oss-security/2020/10/09/1", "https://bugzilla.redhat.com/show_bug.cgi?id=1900844"], "cvelist": ["CVE-2020-27777"], "immutableFields": [], "lastseen": "2023-12-03T15:51:01", "viewCount": 307, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4356"]}, {"type": "amazon", "idList": ["ALAS-2020-1462", "ALAS-2021-1461", "ALAS2-2020-1566"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:3700"]}, {"type": "centos", "idList": ["CESA-2021:3327"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-27777"]}, {"type": "f5", "idList": ["F5:K61294700"]}, {"type": "ibm", "idList": ["26430C27ADFEC47603BA22FE9750F46B1E6B9ADBC8FA3363BFC07025EA593253", "516C78282E257BAD924E6FC3088367963BA15FCD8305B1B9C4978CA225F03D64", "DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1566.NASL", "ALA_ALAS-2020-1462.NASL", "ALA_ALAS-2021-1461.NASL", "ALMA_LINUX_ALSA-2021-4356.NASL", "CENTOS8_RHSA-2021-4356.NASL", "CENTOS_RHSA-2021-3327.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-2040.NASL", "NUTANIX_NXSA-AOS-5_20_2.NASL", "NUTANIX_NXSA-AOS-5_20_3.NASL", "NUTANIX_NXSA-AOS-6_0_1_6.NASL", "NUTANIX_NXSA-AOS-6_0_2.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-60.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2021-3327.NASL", "ORACLELINUX_ELSA-2021-4356.NASL", "REDHAT-RHSA-2021-3327.NASL", "REDHAT-RHSA-2021-4356.NASL", "SL_20210831_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0095-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0108-1.NASL", "SUSE_SU-2021-0117-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-14630-1.NASL", "UBUNTU_USN-4679-1.NASL", "UBUNTU_USN-4680-1.NASL", "UBUNTU_USN-4708-1.NASL", "UBUNTU_USN-4751-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3327", "ELSA-2021-4356"]}, {"type": "osv", "idList": ["OSV:DLA-2483-1"]}, {"type": "photon", "idList": ["PHSA-2020-0174", "PHSA-2020-3.0-0174"]}, {"type": "prion", "idList": ["PRION:CVE-2020-27777"]}, {"type": "redhat", "idList": ["RHSA-2021:3327", "RHSA-2021:3454", "RHSA-2021:3653", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:5137"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27777"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["USN-4679-1", "USN-4680-1", "USN-4708-1", "USN-4751-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27777"]}]}, "score": {"value": 6.4, "uncertanity": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4356"]}, {"type": "amazon", "idList": ["ALAS-2020-1462", "ALAS2-2020-1566"]}, {"type": "centos", "idList": ["CESA-2021:3327"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-27777"]}, {"type": "f5", "idList": ["F5:K61294700"]}, {"type": "ibm", "idList": ["516C78282E257BAD924E6FC3088367963BA15FCD8305B1B9C4978CA225F03D64", "DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1566.NASL", "ALA_ALAS-2020-1462.NASL", "CENTOS_RHSA-2021-3327.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1311.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2021-3327.NASL", "REDHAT-RHSA-2021-3327.NASL", "SL_20210831_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3327"]}, {"type": "photon", "idList": ["PHSA-2020-3.0-0174"]}, {"type": "redhat", "idList": ["RHSA-2021:3653"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27777"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["USN-4679-1", "USN-4680-1", "USN-4751-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27777"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}, {"name": "redhat openshift container platform", "version": 4}, {"name": "redhat openshift container platform", "version": 4}, {"name": "redhat openshift container platform", "version": 4}, {"name": "redhat enterprise linux", "version": 5}, {"name": "redhat enterprise linux", "version": 6}, {"name": "redhat enterprise linux", "version": 7}, {"name": "redhat enterprise linux", "version": 8}]}, "epss": [{"cve": "CVE-2020-27777", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}], "short_description": "A flaw in RTAS handling of memory accesses in userspace to kernel communication allows local user to increase privileges", "tags": ["cve-2020-27777", "rtas", "memory access", "userspace", "kernel communication", "local user privilege", "powervm", "kvm hypervisor", "pseries platform", "nvd"], "vulnersScore": 6.4}, "_state": {"dependencies": 1701618697, "score": 1701618842, "affected_software_major_version": 0, "epss": 0, "chatgpt": 0}, "_internal": {"score_hash": "b2d3286eae93e7ac35f5b32ef8b725fc", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "redhat", "cvss": {}}, "cpe": ["cpe:/a:redhat:openshift_container_platform:4.6", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:5.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:redhat:openshift_container_platform:4.5", "cpe:/a:redhat:openshift_container_platform:4.4"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*"], "cwe": ["CWE-862"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.9.5", "operator": "lt", "name": "linux linux kernel"}, {"cpeName": "linux:linux_kernel", "version": "5.4.75", "operator": "lt", "name": "linux linux kernel"}, {"cpeName": "linux:linux_kernel", "version": "4.19.155", "operator": "lt", "name": "linux linux kernel"}, {"cpeName": "linux:linux_kernel", "version": "4.14.204", "operator": "lt", "name": "linux linux kernel"}, {"cpeName": "redhat:enterprise_linux", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux", "version": "6.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux", "version": "5.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux", "version": "8.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:openshift_container_platform", "version": "4.5", "operator": "eq", "name": "redhat openshift container platform"}, {"cpeName": "redhat:openshift_container_platform", "version": "4.6", "operator": "eq", "name": "redhat openshift container platform"}, {"cpeName": "redhat:openshift_container_platform", "version": "4.4", "operator": "eq", "name": "redhat openshift container platform"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.9.5:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.9.5", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.4.75:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.75", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.19.155:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.155", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.14.204:*:*:*:*:*:*:*", "versionEndExcluding": "4.14.204", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764", "refsource": "MISC", "tags": ["Exploit", "Patch", "Vendor Advisory"]}, {"url": "https://www.openwall.com/lists/oss-security/2020/11/23/2", "name": "https://www.openwall.com/lists/oss-security/2020/11/23/2", "refsource": "MISC", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://www.openwall.com/lists/oss-security/2020/10/09/1", "name": "https://www.openwall.com/lists/oss-security/2020/10/09/1", "refsource": "MISC", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900844", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900844", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}], "product_info": [{"vendor": "Redhat", "product": "Openshift_container_platform"}, {"vendor": "Linux", "product": "Linux_kernel"}, {"vendor": "Redhat", "product": "Enterprise_linux"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "2020-10-27T00:00:00"}

{"cbl_mariner": [{"lastseen": "2023-12-03T20:18:20", "description": "CVE-2020-27777 affecting package kernel 5.4.91-6. A patched version of the package is available.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-29T07:40:05", "type": "cbl_mariner", "title": "CVE-2020-27777 affecting package kernel 5.4.91-6", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2021-01-29T07:40:05", "id": "CBLMARINER:3700", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-05T14:09:06", "description": "A flaw was found in the way RTAS handled memory accesses in userspace to\nkernel communication. On a locked down (usually due to Secure Boot) guest\nsystem running on top of PowerVM or KVM hypervisors (pseries platform) a\nroot like local user could use this flaw to further increase their\nprivileges to that of a running kernel.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | fix needs typo correction from lkml link in refs\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T00:00:00", "type": "ubuntucve", "title": "CVE-2020-27777", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2020-12-15T00:00:00", "id": "UB:CVE-2020-27777", "href": "https://ubuntu.com/security/CVE-2020-27777", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2023-02-08T16:43:18", "description": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. ([CVE-2020-27777](<https://vulners.com/cve/CVE-2020-27777>))\n\nImpact\n\nThis vulnerability can be exploited to compromise kernel integrity.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-05T21:39:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2020-27777", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2021-11-05T21:39:00", "id": "F5:K61294700", "href": "https://support.f5.com/csp/article/K61294700", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-12-03T18:27:53", "description": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T17:15:00", "type": "debiancve", "title": "CVE-2020-27777", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2020-12-15T17:15:00", "id": "DEBIANCVE:CVE-2020-27777", "href": "https://security-tracker.debian.org/tracker/CVE-2020-27777", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-11-22T01:34:00", "description": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-15T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2023-10-05T14:29:00", "id": "PRION:CVE-2020-27777", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-27777", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-12-03T18:35:01", "description": "## Summary\n\nLinux Kernel used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE(CVE-2020-27777 ).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27777](<https://vulners.com/cve/CVE-2020-27777>) \n** DESCRIPTION: **Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with the Run-Time Abstraction Services (RTAS) interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to overwrite some parts of memory, including kernel memory. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192283>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integrated Analytics System| 1.0.0-1.0.27.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Integrated Analytics System | 7.9.21.12.SP6| [Link to fix central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+Integrated+Analytics+System&fixids=7.9.21.12.SP6-IM-IIAS-fp145&source=SAR> \"\" ) \n \nPlease follow the steps given in **[release notes](<https://www.ibm.com/docs/en/ias?topic=notes-security-patch-release> \"\" )** to upgrade system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T08:52:46", "type": "ibm", "title": "Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2022-04-20T08:52:46", "id": "26430C27ADFEC47603BA22FE9750F46B1E6B9ADBC8FA3363BFC07025EA593253", "href": "https://www.ibm.com/support/pages/node/6573607", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-20T16:00:40", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7226](<https://vulners.com/cve/CVE-2020-7226>) \n** DESCRIPTION: **Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decode operation in CiphertextHeader.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175399](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175399>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-22696](<https://vulners.com/cve/CVE-2021-22696>) \n** DESCRIPTION: **Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199335](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199335>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13954](<https://vulners.com/cve/CVE-2020-13954>) \n** DESCRIPTION: **Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleSheetPath in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-8029](<https://vulners.com/cve/CVE-2018-8029>) \n** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to run arbitrary commands as root user. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9492](<https://vulners.com/cve/CVE-2020-9492>) \n** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of SPNEGO authorization header. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to trigger services to send server credentials to a webhdfs path for capturing the service principal. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-11768](<https://vulners.com/cve/CVE-2018-11768>) \n** DESCRIPTION: **Apache Hadoop is vulnerable to a denial of service, caused by a mismatch in the size of the fields used to store user/group information between memory and disk representation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the user/group information to be corrupted across storing in fsimage and reading back from fsimage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-15713](<https://vulners.com/cve/CVE-2017-15713>) \n** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to obtain sensitive information. By using a specially-crafted file, a remote attacker could exploit this vulnerability to expose private files. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138064](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138064>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-18751](<https://vulners.com/cve/CVE-2018-18751>) \n** DESCRIPTION: **GNU gettext is vulnerable to a denial of service, caused by a double free flaw in the default_add_message function in read-catalog.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152105](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152105>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9924](<https://vulners.com/cve/CVE-2019-9924>) \n** DESCRIPTION: **Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3715](<https://vulners.com/cve/CVE-2021-3715>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27777](<https://vulners.com/cve/CVE-2020-27777>) \n** DESCRIPTION: **Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with the Run-Time Abstraction Services (RTAS) interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to overwrite some parts of memory, including kernel memory. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192283>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22555](<https://vulners.com/cve/CVE-2021-22555>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204997>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-29154](<https://vulners.com/cve/CVE-2021-29154>) \n** DESCRIPTION: **Linux Kernel could allow a could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue with incorrect computation of branch displacements in BPF JIT compiler. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, and execute arbitrary code in the Kernel mode. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199609](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199609>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-29650](<https://vulners.com/cve/CVE-2021-29650>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table value in the netfilter subsystem. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199201>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32399](<https://vulners.com/cve/CVE-2021-32399>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the BlueTooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar SIEM 7.3.0 to 7.3.3 Fix Pack 9\n\nIBM QRadar SIEM 7.4.0 to 7.4.3 Fix Pack 2\n\n## Remediation/Fixes\n\n \n[QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20211125190208&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR> \"QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10\" )\n\nQRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 3\n\n[QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20211113154131&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4\" )\n\n**Note**: Version 7.4.3 Fix Pack 3 is only available to QRadar on Cloud users. QRadar 7.4.3 Fix Pack 3 [was removed for on-premise QRadar SIEM users](<https://www.ibm.com/support/pages/node/6509562>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-03T18:47:00", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities", "bulletinFamily": "software", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15713", "CVE-2018-11768", "CVE-2018-18751", "CVE-2018-8029", "CVE-2019-9924", "CVE-2020-13954", "CVE-2020-27777", "CVE-2020-7226", "CVE-2020-9492", "CVE-2021-22555", "CVE-2021-22696", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-29154", "CVE-2021-29425", "CVE-2021-29650", "CVE-2021-32399", "CVE-2021-3715"], "modified": "2021-12-03T18:47:00", "id": "516C78282E257BAD924E6FC3088367963BA15FCD8305B1B9C4978CA225F03D64", "href": "https://www.ibm.com/support/pages/node/6520472", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T17:55:50", "description": "## Summary\n\nIBM Data Risk Manager has addressed the following vulnerabilities:\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-20227](<https://vulners.com/cve/CVE-2021-20227>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a use-after-free flaw in the SELECT query function in src/select.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition or possibly execute arbitrary code on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198960](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198960>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-2388](<https://vulners.com/cve/CVE-2021-2388>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-2432](<https://vulners.com/cve/CVE-2021-2432>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-29154](<https://vulners.com/cve/CVE-2021-29154>) \n** DESCRIPTION: **Linux Kernel could allow a could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue with incorrect computation of branch displacements in BPF JIT compiler. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, and execute arbitrary code in the Kernel mode. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199609](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199609>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-38915](<https://vulners.com/cve/CVE-2021-38915>) \n** DESCRIPTION: **IBM Cloud Pak - Risk Manager stores user credentials in plain clear text which can be read by an authenticated user. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209947](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209947>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22118](<https://vulners.com/cve/CVE-2021-22118>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WebFlux application. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to read or modify files in the WebFlux application, or overwrite arbitrary files with multipart request data. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2021-3715](<https://vulners.com/cve/CVE-2021-3715>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27777](<https://vulners.com/cve/CVE-2020-27777>) \n** DESCRIPTION: **Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with the Run-Time Abstraction Services (RTAS) interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to overwrite some parts of memory, including kernel memory. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192283>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2161](<https://vulners.com/cve/CVE-2021-2161>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3347](<https://vulners.com/cve/CVE-2021-3347>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a kernel stack use-after-free during fault handling in PI futexes. An attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the kernel. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195798](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195798>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22119](<https://vulners.com/cve/CVE-2021-22119>) \n** DESCRIPTION: **VMware Tanzu Spring Security is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted requests to initiate the Authorization Request for the Authorization Code Grant, a remote attacker could exploit this vulnerability to exhaust available system resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-2341](<https://vulners.com/cve/CVE-2021-2341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-36690](<https://vulners.com/cve/CVE-2021-36690>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a segmentation fault in the idxGetTableInfo function. By sending a specially-crafted query, a local authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33033](<https://vulners.com/cve/CVE-2021-33033>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the cipso_v4_genopt function in net/ipv4/cipso_ipv4.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-33034](<https://vulners.com/cve/CVE-2021-33034>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw when destroying an hci_chan in net/bluetooth/hci_event.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203149](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203149>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-29650](<https://vulners.com/cve/CVE-2021-29650>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table value in the netfilter subsystem. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199201>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-38862](<https://vulners.com/cve/CVE-2021-38862>) \n** DESCRIPTION: **IBM Cloud Pak - Risk Manager/IBM Data Risk Manager (iDNA) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207980](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207980>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-33909](<https://vulners.com/cve/CVE-2021-33909>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in fs/seq_file.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges to root. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30640](<https://vulners.com/cve/CVE-2021-30640>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user names, an attacker could exploit this vulnerability to bypass some of the protection provided by the LockOut Realm. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205213>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-32027](<https://vulners.com/cve/CVE-2021-32027>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-33037](<https://vulners.com/cve/CVE-2021-33037>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205222](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205222>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-41079](<https://vulners.com/cve/CVE-2021-41079>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-30639](<https://vulners.com/cve/CVE-2021-30639>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper error handling during non-blocking I/O. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to trigger non-blocking I/O errors resulting in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205212>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32028](<https://vulners.com/cve/CVE-2021-32028>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT \u2026 ON CONFLICT \u2026 DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203616](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203616>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22555](<https://vulners.com/cve/CVE-2021-22555>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204997>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27170](<https://vulners.com/cve/CVE-2020-27170>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds loads flaw. By executing specially-crafted BPF programs, an attacker could exploit this vulnerability to obtain contents of kernel memory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198453](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198453>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6 \n \n\n\n## Remediation/Fixes\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.8, and then apply the latest FixPack 2.0.6.9. The FixPack is not cumulative. So it must be applied on top of 2.0.6.8 in sequence.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.1_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.4.1&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.2_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.1&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n5) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n8) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n9) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.1| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.2_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.1&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n4) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n8) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.2| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n3) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.3| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n2) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.4| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.5| \n\n- \n\n\n| \n\n1) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.6| \n\n- \n\n\n| \n\n1) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.7 \n| \n\n- \n\n\n| \n\n1) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.8 \n| \n\n- \n\n\n| \n\n1) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-11T18:12:27", "type": "ibm", "title": "Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27170", "CVE-2020-27777", "CVE-2021-20227", "CVE-2021-2161", "CVE-2021-22118", "CVE-2021-22119", "CVE-2021-22555", "CVE-2021-2341", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-2432", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-30639", "CVE-2021-30640", "CVE-2021-32027", "CVE-2021-32028", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33037", "CVE-2021-3347", "CVE-2021-33909", "CVE-2021-36690", "CVE-2021-3715", "CVE-2021-38862", "CVE-2021-38915", "CVE-2021-41079"], "modified": "2021-10-11T18:12:27", "id": "DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE", "href": "https://www.ibm.com/support/pages/node/6497499", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-12-04T00:31:13", "description": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options don&#x27;t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-23T20:51:58", "type": "redhatcve", "title": "CVE-2020-27777", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777"], "modified": "2023-04-06T08:10:00", "id": "RH:CVE-2020-27777", "href": "https://access.redhat.com/security/cve/cve-2020-27777", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-09-01T00:25:34", "description": "[3.10.0-1160.41.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.41.1]\n- ixgbe: fix warning: sysfs: cannot create duplicate filename (Daniel Vacek) [1915449]\n[3.10.0-1160.40.1]\n- redhat: ppc64: CONFIG_RTAS_FILTER (Aristeu Rozanski) [1906443] {CVE-2020-27777}\n- powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter (Aristeu Rozanski) [1906443] {CVE-2020-27777}\n- powerpc/rtas: Restrict RTAS requests from userspace (Aristeu Rozanski) [1906443] {CVE-2020-27777}\n- IB/mlx5: Fix initializing CQ fragments buffer (Alaa Hleihel) [1962499]\n[3.10.0-1160.39.1]\n- netfilter: x_tables: fix compat match/target pad out-of-bound write (Florian Westphal) [1980489] {CVE-2021-22555}\n- Revert 'be2net: disable bh with spin_lock in be_process_mcc' (Petr Oros) [1971744]\n- futex: futex_requeue can potentially free the pi_state structure twice (Donghai Qiao) [1966856]\n- xfs: sync lazy sb accounting on quiesce of read-only mounts (Carlos Maiolino) [1921551]\n- scsi: lpfc: Fix crash caused by switch reboot (Dick Kennedy) [1897576]\n[3.10.0-1160.38.1]\n- seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975251]\n- memcg, slab: Fix incorrect placement of rcu_head in struct memcg_cache_params (Waiman Long) [1951810]\n- netfilter: x_tables: Use correct memory barriers. (Phil Sutter) [1949087] {CVE-2021-29650}\n- netfilter: nf_nat: don't bug when mapping already exists (Florian Westphal) [1972970]\n- netfilter: don't setup nat info for confirmed ct (Florian Westphal) [1972970]\n[3.10.0-1160.37.1]\n- bluetooth: eliminate the potential race condition when removing the HCI controller (Gopal Tiwari) [1971457]\n- net: Update window_clamp if SOCK_RCVBUF is set (Balazs Nemeth) [1962196]\n- bpf, x86: Validate computation of branch displacements for x86-64 (Jiri Olsa) [1947249] {CVE-2021-29154}\n- mm: vmalloc: add cond_resched() in __vunmap() (Rafael Aquini) [1896794]\n- mm/vmalloc: __vmalloc_area_node(): avoid 32-bit overflow (Rafael Aquini) [1896794]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-31T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399"], "modified": "2021-08-31T00:00:00", "id": "ELSA-2021-3327", "href": "http://linux.oracle.com/errata/ELSA-2021-3327.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:51", "description": "[4.18.0-348.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-348]\n- drm/nouveau/fifo/ga102: initialise chid on return from channel creation (Ben Skeggs) [1997878]\n- drm/nouveau/ga102-: support ttm buffer moves via copy engine (Ben Skeggs) [1997878]\n- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (Ben Skeggs) [1997878]\n- drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (Ben Skeggs) [1997878]\n- drm/nouveau/disp: power down unused DP links during init (Ben Skeggs) [1997878]\n- drm/nouveau: recognise GA107 (Ben Skeggs) [1997878]\n[4.18.0-347]\n- PCI: Mark TI C667X to avoid bus reset (Alex Williamson) [1975768]\n[4.18.0-346]\n- redhat: switch secureboot kernel image signing to release keys (Bruno Meneguele)\n- CI: handle RT branches in a single config (Veronika Kabatova)\n- CI: Fix RT check branch name (Veronika Kabatova)\n- CI: Drop private CI config (Veronika Kabatova)\n- CI: extend template use (Veronika Kabatova)\n- Revert 'Merge: mt7921e: enable new Mediatek wireless hardware' (Bruno Meneguele) [2009501]\n- megaraid_sas: fix concurrent access to ISR between IRQ polling and real interrupt (Tomas Henzl) [2009022]\n- scsi: megaraid_sas: mq_poll support (Tomas Henzl) [2009022]\n- [PATCH v2] scsi: qla2xxx: Suppress unnecessary log messages during login (Nilesh Javali) [1982186]\n- scsi: qla2xxx: Fix excessive messages during device logout (Nilesh Javali) [1982186]\n- PCI: pciehp: Ignore Link Down/Up caused by DPC (Myron Stowe) [1981741]\n- arm64: kpti: Fix 'kpti=off' when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Fix CONFIG_ARCH_RANDOM=n build (Mark Salter) [1979731]\n- redhat/configs: aarch64: add CONFIG_ARCH_RANDOM (Mark Salter) [1979731]\n- arm64: Implement archrandom.h for ARMv8.5-RNG (Mark Salter) [1979731]\n- arm64: kconfig: Fix alignment of E0PD help text (Mark Salter) [1979731]\n- arm64: Use register field helper in kaslr_requires_kpti() (Mark Salter) [1979731]\n- arm64: Simplify early check for broken TX1 when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Use a variable to store non-global mappings decision (Mark Salter) [1979731]\n- arm64: Dont use KPTI where we have E0PD (Mark Salter) [1979731]\n- arm64: Factor out checks for KASLR in KPTI code into separate function (Mark Salter) [1979731]\n- redhat/configs: Add CONFIG_ARM64_E0PD (Mark Salter) [1979731]\n- arm64: Add initial support for E0PD (Mark Salter) [1979731]\n- arm64: cpufeature: Export matrix and other features to userspace (Mark Salter) [1980098]\n- arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Rewrite bitfields that dont follow [e, s] (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Documents missing visible fields (Mark Salter) [1980098]\n- arm64: Introduce system_capabilities_finalized() marker (Mark Salter) [1980098]\n- arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: Document HWCAP_SB (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: sort the HWCAP{, 2} documentation by ascending value (Mark Salter) [1980098]\n- arm64: cpufeature: Treat ID_AA64ZFR0_EL1 as RAZ when SVE is not enabled (Mark Salter) [1980098]\n- arm64: cpufeature: Effectively expose FRINT capability to userspace (Mark Salter) [1980098]\n- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (Mark Salter) [1980098]\n- arm64: Expose FRINT capabilities to userspace (Mark Salter) [1980098]\n- arm64: Expose ARMv8.5 CondM capability to userspace (Mark Salter) [1980098]\n- docs: arm64: convert perf.txt to ReST format (Mark Salter) [1980098]\n- docs: arm64: convert docs to ReST and rename to .rst (Mark Salter) [1980098]\n- Documentation/arm64: HugeTLB page implementation (Mark Salter) [1980098]\n- Documentation/arm64/sve: Couple of improvements and typos (Mark Salter) [1980098]\n- arm64: cpufeature: Fix missing ZFR0 in __read_sysreg_by_encoding() (Mark Salter) [1980098]\n- arm64: Expose SVE2 features for userspace (Mark Salter) [1980098]\n- arm64: Advertise ARM64_HAS_DCPODP cpu feature (Mark Salter) [1980098]\n- arm64: add CVADP support to the cache maintenance helper (Mark Salter) [1980098]\n- arm64: Fix minor issues with the dcache_by_line_op macro (Mark Salter) [1980098]\n- arm64: Expose DC CVADP to userspace (Mark Salter) [1980098]\n- arm64: Handle trapped DC CVADP (Mark Salter) [1980098]\n- arm64: HWCAP: encapsulate elf_hwcap (Mark Salter) [1980098]\n- arm64: HWCAP: add support for AT_HWCAP2 (Mark Salter) [1980098]\n- x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Aristeu Rozanski) [1965331]\n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Aristeu Rozanski) [1965331]\n- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Aristeu Rozanski) [1965331]\n[4.18.0-345]\n- e1000e: Do not take care about recovery NVM checksum (Ken Cox) [1984558]\n- qrtr: disable CONFIG_QRTR for non x86_64 archs (inigo Huguet) [1999642]\n- ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() (Jeff Layton) [1989999]\n- ceph: fix dereference of null pointer cf (Jeff Layton) [1989999]\n- ceph: correctly handle releasing an embedded cap flush (Jeff Layton) [1989999]\n- ceph: take snap_empty_lock atomically with snaprealm refcount change (Jeff Layton) [1989999]\n- ceph: dont WARN if were still opening a session to an MDS (Jeff Layton) [1989999]\n- rbd: dont hold lock_rwsem while running_list is being drained (Jeff Layton) [1989999]\n- rbd: always kick acquire on 'acquired' and 'released' notifications (Jeff Layton) [1989999]\n- ceph: take reference to req->r_parent at point of assignment (Jeff Layton) [1989999]\n- ceph: eliminate ceph_async_iput() (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in ceph_flush_snaps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in try_flush_caps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex or snap_rwsem in ceph_check_caps (Jeff Layton) [1989999]\n- ceph: eliminate session->s_gen_ttl_lock (Jeff Layton) [1989999]\n- ceph: allow ceph_put_mds_session to take NULL or ERR_PTR (Jeff Layton) [1989999]\n- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (Jeff Layton) [1989999]\n- ceph: add some lockdep assertions around snaprealm handling (Jeff Layton) [1989999]\n- ceph: decoding error in ceph_update_snap_realm should return -EIO (Jeff Layton) [1989999]\n- ceph: add IO size metrics support (Jeff Layton) [1989999]\n- ceph: update and rename __update_latency helper to __update_stdev (Jeff Layton) [1989999]\n- ceph: simplify the metrics struct (Jeff Layton) [1989999]\n- libceph: fix doc warnings in cls_lock_client.c (Jeff Layton) [1989999]\n- libceph: remove unnecessary ret variable in ceph_auth_init() (Jeff Layton) [1989999]\n- libceph: kill ceph_none_authorizer::reply_buf (Jeff Layton) [1989999]\n- ceph: make ceph_queue_cap_snap static (Jeff Layton) [1989999]\n- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) [1989999]\n- libceph: set global_id as soon as we get an auth ticket (Jeff Layton) [1989999]\n- libceph: dont pass result into ac->ops->handle_reply() (Jeff Layton) [1989999]\n- ceph: fix error handling in ceph_atomic_open and ceph_lookup (Jeff Layton) [1989999]\n- ceph: must hold snap_rwsem when filling inode for async create (Jeff Layton) [1989999]\n- libceph: Fix spelling mistakes (Jeff Layton) [1989999]\n- libceph: dont set global_id until we get an auth ticket (Jeff Layton) [1989999]\n- libceph: bump CephXAuthenticate encoding version (Jeff Layton) [1989999]\n- ceph: dont allow access to MDS-private inodes (Jeff Layton) [1989999]\n- ceph: fix up some bare fetches of i_size (Jeff Layton) [1989999]\n- ceph: support getting ceph.dir.rsnaps vxattr (Jeff Layton) [1989999]\n- ceph: drop pinned_page parameter from ceph_get_caps (Jeff Layton) [1989999]\n- ceph: fix inode leak on getattr error in __fh_to_dentry (Jeff Layton) [1989999]\n- ceph: only check pool permissions for regular files (Jeff Layton) [1989999]\n- ceph: send opened files/pinned caps/opened inodes metrics to MDS daemon (Jeff Layton) [1989999]\n- ceph: avoid counting the same request twice or more (Jeff Layton) [1989999]\n- ceph: rename the metric helpers (Jeff Layton) [1989999]\n- ceph: fix kerneldoc copypasta over ceph_start_io_direct (Jeff Layton) [1989999]\n- ceph: dont use d_add in ceph_handle_snapdir (Jeff Layton) [1989999]\n- ceph: dont clobber i_snap_caps on non-I_NEW inode (Jeff Layton) [1989999]\n- ceph: fix fall-through warnings for Clang (Jeff Layton) [1989999]\n- net: ceph: Fix a typo in osdmap.c (Jeff Layton) [1989999]\n- ceph: dont allow type or device number to change on non-I_NEW inodes (Jeff Layton) [1989999]\n- ceph: defer flushing the capsnap if the Fb is used (Jeff Layton) [1989999]\n- ceph: allow queueing cap/snap handling after putting cap references (Jeff Layton) [1989999]\n- ceph: clean up inode work queueing (Jeff Layton) [1989999]\n- ceph: fix flush_snap logic after putting caps (Jeff Layton) [1989999]\n- libceph: fix 'Boolean result is used in bitwise operation' warning (Jeff Layton) [1989999]\n- new helper: inode_wrong_type() (Jeff Layton) [1989999]\n- kabi: Adding symbol single_release (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol single_open (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_read (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_printf (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_lseek (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol unregister_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_init (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_del (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_alloc (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_add (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol alloc_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol pcie_capability_read_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_read_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_clear_and_set_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_set_power_state (drivers/pci/pci.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_irq_vector (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_get_device (drivers/pci/search.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_free_irq_vectors (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_alloc_irq_vectors_affinity (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol kexec_crash_loaded (kernel/kexec_core.c) (cestmir Kalina) [1945491]\n[4.18.0-344]\n- perf/x86/intel: Fix PEBS-via-PT reload base value for Extended PEBS (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Fix Add BW copypasta (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Add BW counters for GT, IA and IO breakdown (Michael Petlan) [1998051]\n- Revert 'ice: Add initial support framework for LAG' (Michal Schmidt) [1999016]\n- net: re-initialize slow_gro flag at gro_list_prepare time (Paolo Abeni) [2002367]\n- cxgb4: dont touch blocked freelist bitmap after free (Rahul Lakkireddy) [1998148]\n- cxgb4vf: configure ports accessible by the VF (Rahul Lakkireddy) [1961329]\n- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (Dick Kennedy) [1976332]\n- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (Dick Kennedy) [1976332]\n- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Dick Kennedy) [1976332]\n[4.18.0-343]\n- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [1997500]\n- mt76: connac: do not schedule mac_work if the device is not running (Inigo Huguet) [1956419 1972045]\n- mt7921e: enable module in config (Inigo Huguet) [1956419 1972045]\n- Revert tools/power/cpupower: Read energy_perf_bias from sysfs (Steve Best) [1999926]\n- libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (Jeff Moyer) [1795719]\n- libnvdimm/pfn_dev: Dont clear device memmap area during generic namespace probe (Jeff Moyer) [1795719]\n- perf/x86/intel/uncore: Clean up error handling path of iio mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix for iio mapping on Skylake Server (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MMIO type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the PCI type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Rename uncore_notifier to uncore_pci_sub_notifier (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MSR type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Parse uncore discovery tables (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to IIO PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Wrap the max dies calculation into an accessor (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Validate MMIO address before accessing (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Record the size of mapped area (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (Michael Petlan) [1837330]\n- crypto: qat - remove unused macro in FW loader (Vladis Dronov) [1920086]\n- crypto: qat - check return code of qat_hal_rd_rel_reg() (Vladis Dronov) [1920086]\n- crypto: qat - report an error if MMP file size is too large (Vladis Dronov) [1920086]\n- crypto: qat - check MMP size before writing to the SRAM (Vladis Dronov) [1920086]\n- crypto: qat - return error when failing to map FW (Vladis Dronov) [1920086]\n- crypto: qat - enable detection of accelerators hang (Vladis Dronov) [1920086]\n- crypto: qat - Fix a double free in adf_create_ring (Vladis Dronov) [1920086]\n- crypto: qat - fix error path in adf_isr_resource_alloc() (Vladis Dronov) [1920086]\n- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (Vladis Dronov) [1920086]\n- crypto: qat - dont release uninitialized resources (Vladis Dronov) [1920086]\n- crypto: qat - fix use of 'dma_map_single' (Vladis Dronov) [1920086]\n- crypto: qat - fix unmap invalid dma address (Vladis Dronov) [1920086]\n- crypto: qat - fix spelling mistake: 'messge' -> 'message' (Vladis Dronov) [1920086]\n- crypto: qat - reduce size of mapped region (Vladis Dronov) [1920086]\n- crypto: qat - change format string and cast ring size (Vladis Dronov) [1920086]\n- crypto: qat - fix potential spectre issue (Vladis Dronov) [1920086]\n- crypto: qat - configure arbiter mapping based on engines enabled (Vladis Dronov) [1920086]\n[4.18.0-342]\n- selftest: netfilter: add test case for unreplied tcp connections (Florian Westphal) [1991523]\n- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [1991523]\n- net/sched: store the last executed chain also for clsact egress (Davide Caratti) [1980537]\n- ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [1999743]\n- perf evsel: Add missing cloning of evsel->use_config_name (Michael Petlan) [1838635]\n- perf Documentation: Document intel-hybrid support (Michael Petlan) [1838635]\n- perf tests: Skip 'perf stat metrics (shadow stat) test' for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Convert perf time to TSC' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Session topology' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Parse and process metrics' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Track with sched_switch' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Skip 'Setup struct perf_event_attr' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Roundtrip evsel->name' test (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Parse event definition strings' test (Michael Petlan) [1838635]\n- perf record: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf stat: Warn group events from different hybrid PMU (Michael Petlan) [1838635]\n- perf stat: Filter out unmatched aggregation for hybrid event (Michael Petlan) [1838635]\n- perf stat: Add default hybrid events (Michael Petlan) [1838635]\n- perf record: Create two hybrid 'cycles' events by default (Michael Petlan) [1838635]\n- perf parse-events: Support event inside hybrid pmu (Michael Petlan) [1838635]\n- perf parse-events: Compare with hybrid pmu name (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid raw events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid cache events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid hardware events (Michael Petlan) [1838635]\n- perf stat: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf pmu: Add hybrid helper functions (Michael Petlan) [1838635]\n- perf pmu: Save detected hybrid pmus to a global pmu list (Michael Petlan) [1838635]\n- perf pmu: Save pmu name (Michael Petlan) [1838635]\n- perf pmu: Simplify arguments of __perf_pmu__new_alias (Michael Petlan) [1838635]\n- perf jevents: Support unit value 'cpu_core' and 'cpu_atom' (Michael Petlan) [1838635]\n- tools headers uapi: Update toolss copy of linux/perf_event.h (Michael Petlan) [1838635]\n[4.18.0-341]\n- mptcp: Only send extra TCP acks in eligible socket states (Paolo Abeni) [1997178]\n- mptcp: fix possible divide by zero (Paolo Abeni) [1997178]\n- mptcp: drop tx skb cache (Paolo Abeni) [1997178]\n- mptcp: fix memory leak on address flush (Paolo Abeni) [1997178]\n- ice: Only lock to update netdev dev_addr (Michal Schmidt) [1995868]\n- ice: restart periodic outputs around time changes (Ken Cox) [1992750]\n- ice: Fix perout start time rounding (Ken Cox) [1992750]\n- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (Davide Caratti) [1981184]\n- ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [1993131] {CVE-2021-3732}\n- gfs2: Dont call dlm after protocol is unmounted (Bob Peterson) [1997193]\n- gfs2: dont stop reads while withdraw in progress (Bob Peterson) [1997193]\n- gfs2: Mark journal inodes as 'dont cache' (Bob Peterson) [1997193]\n- bpf: bpftool: Add -fno-asynchronous-unwind-tables to BPF Clang invocation (Yauheni Kaliuta) [1997124]\n- perf/x86/intel: Apply mid ACK for small core (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Zero the xstate buffer on allocation (Michael Petlan) [1838573]\n- perf: Fix task context PMU for Hetero (Michael Petlan) [1838573]\n- perf/x86/intel: Fix fixed counter check warning for some Alder Lake (Michael Petlan) [1838573]\n- perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context (Michael Petlan) [1838573]\n- x86/fpu/xstate: Fix an xstate size check warning with architectural LBRs (Michael Petlan) [1838573]\n- perf/x86/rapl: Add support for Intel Alder Lake (Michael Petlan) [1838573]\n- perf/x86/cstate: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/msr: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/intel/uncore: Add Alder Lake support (Michael Petlan) [1838573]\n- perf: Extend PERF_TYPE_HARDWARE and PERF_TYPE_HW_CACHE (Michael Petlan) [1838573]\n- perf/x86/intel: Add Alder Lake Hybrid support (Michael Petlan) [1838573]\n- perf/x86: Support filter_match callback (Michael Petlan) [1838573]\n- perf/x86/intel: Add attr_update for Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Add structures for the attributes of Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Register hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Factor out x86_pmu_show_pmu_cap (Michael Petlan) [1838573]\n- perf/x86: Remove temporary pmu assignment in event_init (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_extra_regs (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_event_constraints (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_num_counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for extra_regs (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for event constraints (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for hardware cache event (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for unconstrained (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for intel_ctrl (Michael Petlan) [1838573]\n- perf/x86/intel: Hybrid PMU support for perf capabilities (Michael Petlan) [1838573]\n- perf/x86: Track pmu in per-CPU cpu_hw_events (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES for arch LBR read (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES/XRSTORS for LBR context switch (Michael Petlan) [1838573]\n- x86/fpu/xstate: Add helpers for LBR dynamic supervisor feature (Michael Petlan) [1838573]\n- x86/fpu/xstate: Support dynamic supervisor feature for LBR (Michael Petlan) [1838573]\n- x86/fpu: Use proper mask to replace full instruction mask (Michael Petlan) [1838573]\n- x86/cpu: Add helper function to get the type of the current hybrid CPU (Michael Petlan) [1838573]\n- x86/cpufeatures: Enumerate Intel Hybrid Technology feature bit (Michael Petlan) [1838573]\n- HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974942]\n- ACPI: PM: s2idle: Invert Microsoft UUID entry and exit (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix undefined reference to __udivdi3 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix missing unlock on error in amd_pmc_send_cmd() (David Arcari) [1960440]\n- platform/x86: amd-pmc: Use return code on suspend (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add new acpi id for future PMC controllers (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for ACPI ID AMDI0006 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging s0ix counters (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging SMU metrics (David Arcari) [1960440]\n- platform/x86: amd-pmc: call dump registers only once (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix SMU firmware reporting mechanism (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix command completion code (David Arcari) [1960440]\n- usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoir (David Arcari) [1960440]\n- ACPI: PM: Only mark EC GPE for wakeup on Intel systems (David Arcari) [1960440]\n- ACPI: PM: Adjust behavior for field problems on AMD systems (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for new Microsoft UUID (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for multiple func mask (David Arcari) [1960440]\n- ACPI: PM: s2idle: Refactor common code (David Arcari) [1960440]\n- ACPI: PM: s2idle: Use correct revision id (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add missing LPS0 functions for AMD (David Arcari) [1960440]\n- lockd: Fix invalid lockowner cast after vfs_test_lock (Benjamin Coddington) [1986138]\n[4.18.0-340]\n- blk-mq: fix is_flush_rq (Ming Lei) [1992700]\n- blk-mq: fix kernel panic during iterating over flush request (Ming Lei) [1992700]\n[4.18.0-339]\n- smb2: fix use-after-free in smb2_ioctl_query_info() (Ronnie Sahlberg) [1952781]\n- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (Mike Snitzer) [1996854]\n- md/raid10: Remove rcu_dereference when it doesnt need rcu lock to protect (Nigel Croxon) [1978115]\n- scsi: csiostor: Mark known unused variable as __always_unused (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (Raju Rangoju) [1961333]\n- scsi: csiostor: Remove set but not used variable 'rln' (Raju Rangoju) [1961333]\n- scsi: csiostor: Return value not required for csio_dfs_destroy (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix NULL check before debugfs_remove_recursive (Raju Rangoju) [1961333]\n- scsi: csiostor: Dont enable IRQs too early (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix spelling typos (Raju Rangoju) [1961333]\n- scsi: csiostor: Prefer pcie_capability_read_word() (Raju Rangoju) [1961333]\n- scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() (Raju Rangoju) [1961394]\n- net: Use skb_frag_off accessors (Raju Rangoju) [1961394]\n- net: Use skb accessors in network drivers (Raju Rangoju) [1961394]\n- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Use kvzalloc instead of opencoded kzalloc/vzalloc (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Remove unnecessary NULL checks for 'tdata' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove an unnecessary NULL check for 'cconn' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Clean up a debug printk (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix dereference of pointer tdata before it is null checked (Raju Rangoju) [1961394]\n- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: remove unused function to stop warning (Raju Rangoju) [1961394]\n- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (Raju Rangoju) [1961394]\n- net/chelsio: Delete drive and module versions (Raju Rangoju) [1961394]\n- chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1961394]\n- [netdrv] treewide: prefix header search paths with / (Raju Rangoju) [1961394]\n- libcxgb: fix incorrect ppmax calculation (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix TLS dependency (Raju Rangoju) [1961394]\n- [target] treewide: Use fallthrough pseudo-keyword (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Add support for iSCSI segmentation offload (Raju Rangoju) [1961394]\n- [target] treewide: Use sizeof_field() macro (Raju Rangoju) [1961394]\n- [target] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove superfluous null check (Raju Rangoju) [1961394]\n[4.18.0-338]\n- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}\n- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}\n- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]\n- drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]\n- drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]\n- drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]\n- drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]\n- drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]\n- drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]\n- drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]\n- drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]\n[4.18.0-337]\n- net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]\n- openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]\n- openvswitch: fix alignment issues (Mark Gray) [1992773]\n- openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]\n- openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]\n- KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]\n- KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]\n- scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]\n- scsi: libfc: FDMI enhancements (Chris Leech) [1972643]\n- scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]\n- scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]\n- scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]\n- scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]\n- scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]\n- scsi: fc: FDMI enhancement (Chris Leech) [1972643]\n- scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]\n- scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]\n- block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]\n- x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]\n- x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]\n- x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]\n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]\n- x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]\n- selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]\n- Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]\n- drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]\n- drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]\n- drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]\n- drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]\n- drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]\n- radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]\n- drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]\n- drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]\n- drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]\n- drm/amd/display: Allow bandwidth validation for 0 streams. (Lyude Paul) [1944405]\n- drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]\n- drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]\n- drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]\n- drm/amdgpu: Dont query CE and UE errors (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]\n- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]\n- drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]\n- drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]\n- drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]\n- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]\n- drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]\n- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]\n- dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]\n- drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: update gc golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]\n- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]\n- drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]\n- drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]\n- drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]\n- drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]\n- drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]\n- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]\n- drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]\n- drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]\n- drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]\n- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]\n- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]\n- drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]\n- drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]\n- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]\n- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]\n- drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]\n- drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]\n- drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]\n- drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]\n- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]\n- drm/amd/display: Force vsync flip when reconfiguring MPCC (Lyude Paul) [1944405]\n- arm64: enable tlbi range instructions (Jeremy Linton) [1861872]\n- arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]\n- arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]\n- arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]\n- arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]\n- arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]\n- arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]\n[4.18.0-336]\n- bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]\n- bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]\n- bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]\n- bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]\n- bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]\n- bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]\n- bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]\n- bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]\n- bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]\n- bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]\n- bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]\n- bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]\n- xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]\n- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]\n- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]\n- bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]\n- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]\n- selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]\n- bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]\n- ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]\n- ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]\n- ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]\n- bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]\n- bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]\n- mt76: validate rx A-MSDU subframes (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath11k: Drop multicast fragments (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath11k: Clear the fragment cache during key install (Inigo Huguet) [1991459] {CVE-2020-24587}\n- ath10k: Validate first subframe of A-MSDU before processing the list (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath10k: Fix TKIP Michael MIC verification for PCIe (Inigo Huguet) [1991459] {CVE-2020-26141}\n- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Inigo Huguet) [1991459] {CVE-2020-24588}\n- ath10k: drop fragments with multicast DA for SDIO (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: drop fragments with multicast DA for PCIe (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Inigo Huguet) [1991459]\n- mac80211: extend protection against mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Inigo Huguet) [1991459] {CVE-2020-26139}\n- mac80211: prevent attacks on TKIP/WEP as well (Inigo Huguet) [1991459] {CVE-2020-26141}\n- mac80211: check defrag PN against current frame (Inigo Huguet) [1991459]\n- mac80211: add fragment cache to sta_info (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: drop A-MSDUs on old ciphers (Inigo Huguet) [1991459] {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Inigo Huguet) [1991459]\n- mac80211: prevent mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: assure all fragments are encrypted (Inigo Huguet) [1991459] {CVE-2020-26147}\n- tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]\n- mptcp: remove tech preview warning (Florian Westphal) [1985120]\n- tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]\n- selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]\n- selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]\n- selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]\n- mptcp: properly account bulk freed memory (Florian Westphal) [1985120]\n- mptcp: fix 'masking a bool' warning (Florian Westphal) [1985120]\n- mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]\n- mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]\n- mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]\n- mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]\n- mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]\n- mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]\n- mptcp: avoid race on msk state changes (Florian Westphal) [1985120]\n- mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]\n- mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]\n- tcp: parse mptcp options contained in reset packets (Florian Westphal) [1985120]\n- ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]\n- ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]\n- ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]\n- ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]\n- ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]\n- dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add engine 'struct device' missing bus type assignment (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]\n- dmagenine: idxd: Dont add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]\n- ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]\n- net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]\n- net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]\n- net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]\n- net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]\n- net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]\n- tun: fix memory leak in error path (Andrea Claudi) [1859038]\n- net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]\n- net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]\n- net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]\n- configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]\n- cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]\n- ch_ktls: Remove redundant variable result (Raju Rangoju) [1961374]\n- ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]\n- ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]\n- ch_ktls: fix device connection close (Raju Rangoju) [1961374]\n- ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]\n- ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]\n- net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]\n- ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]\n- ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]\n- ch_ktls: lock is not freed (Raju Rangoju) [1961374]\n- ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]\n- ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]\n- ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]\n- ch_ktls: dont free skb before sending FIN (Raju Rangoju) [1961374]\n- ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]\n- ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]\n- ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]\n- ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]\n- ch_ktls: Update cheksum information (Raju Rangoju) [1961374]\n- ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]\n- cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]\n- cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]\n- ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]\n- chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]\n- chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]\n- crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]\n- crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]\n- cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]\n- crypto/chcr: Moving chelsios inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]\n- chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]\n- crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]\n- crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]\n- crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]\n- crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]\n- crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]\n- [Crypto] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961368]\n- Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]\n- Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]\n- crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]\n- crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]\n- Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]\n- crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]\n- chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]\n- crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]\n- crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]\n- crypto: chelsio - Remove VLA usage of skcipher (Raju Rangoju) [1961368]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4356", "href": "http://linux.oracle.com/errata/ELSA-2021-4356.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-10-21T16:12:10", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4708-1 advisory.\n\n - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.\n This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. (CVE-2019-19816)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4708-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13093", "CVE-2019-19813", "CVE-2019-19816", "CVE-2020-25669", "CVE-2020-27777"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc64-smp"], "id": "UBUNTU_USN-4708-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145510", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4708-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145510);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2018-13093\",\n \"CVE-2019-19813\",\n \"CVE-2019-19816\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\"\n );\n script_bugtraq_id(104954);\n script_xref(name:\"USN\", value:\"4708-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4708-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4708-1 advisory.\n\n - An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer\n dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted\n xfs image. This occurs because of a lack of proper validation that cached inodes are free during\n allocation. (CVE-2018-13093)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.\n This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in\n fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can\n cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for\n the number of data stripes is mishandled. (CVE-2019-19816)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4708-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19816\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-201-powerpc64-smp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-201',\n 'generic-lpae': '4.4.0-201',\n 'lowlatency': '4.4.0-201',\n 'powerpc-e500mc': '4.4.0-201',\n 'powerpc-smp': '4.4.0-201',\n 'powerpc64-emb': '4.4.0-201',\n 'powerpc64-smp': '4.4.0-201'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4708-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2018-13093', 'CVE-2019-19813', 'CVE-2019-19816', 'CVE-2020-25669', 'CVE-2020-27777');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4708-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:47", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3327 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space (CVE-2021-22555)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-02T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-3327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2021-3327.NASL", "href": "https://www.tenable.com/plugins/nessus/152978", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-3327.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152978);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-27777\",\n \"CVE-2021-22555\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\",\n \"CVE-2021-32399\"\n );\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-3327)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-3327 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name\n space (CVE-2021-22555)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-3327.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.41.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-3327');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.41.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:25", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:3327-1 advisory.\n\n - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\n - kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:3327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "cpe:/o:fermilab:scientific_linux"], "id": "SL_20210831_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/152950", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152950);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-27777\",\n \"CVE-2021-22555\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\",\n \"CVE-2021-32399\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2021:3327\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:3327)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:3327-1 advisory.\n\n - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\n - kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20213327-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.41.1.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:44", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3327 advisory.\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:3327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-3327.NASL", "href": "https://www.tenable.com/plugins/nessus/152935", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3327. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152935);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-27777\",\n \"CVE-2021-22555\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\",\n \"CVE-2021-32399\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3327\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:3327)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3327 advisory.\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-22555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-32399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980101\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(119, 362, 662, 667, 787, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-27777', 'CVE-2021-22555', 'CVE-2021-29154', 'CVE-2021-29650', 'CVE-2021-32399');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:3327');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.41.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:34", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3327 advisory.\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-02T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2021:3327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-3327.NASL", "href": "https://www.tenable.com/plugins/nessus/152970", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3327 and\n# CentOS Errata and Security Advisory 2021:3327 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152970);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-27777\",\n \"CVE-2021-22555\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\",\n \"CVE-2021-32399\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3327\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:3327)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:3327 advisory.\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-August/048356.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f7c44f94\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/362.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/662.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(119, 362, 662, 667, 787, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.41.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.41.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:12:09", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4679-1 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-06T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4679-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25704", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28974"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1026-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1033-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1033-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1035-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-59-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-59-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-59-lowlatency"], "id": "UBUNTU_USN-4679-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144750", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4679-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144750);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25704\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"USN\", value:\"4679-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4679-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4679-1 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4679-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25668\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1026-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1033-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1033-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1035-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-59-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-59-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-59-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-59',\n 'generic-lpae': '5.4.0-59',\n 'lowlatency': '5.4.0-59',\n 'raspi': '5.4.0-1026',\n 'gcp': '5.4.0-1033',\n 'gke': '5.4.0-1033',\n 'oracle': '5.4.0-1034',\n 'azure': '5.4.0-1035'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-59',\n 'generic-lpae': '5.4.0-59',\n 'lowlatency': '5.4.0-59',\n 'raspi': '5.4.0-1026',\n 'kvm': '5.4.0-1031',\n 'gcp': '5.4.0-1033',\n 'oracle': '5.4.0-1034',\n 'azure': '5.4.0-1035'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4679-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-25656', 'CVE-2020-25668', 'CVE-2020-25704', 'CVE-2020-27675', 'CVE-2020-27777', 'CVE-2020-28974');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4679-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:29", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n\n - kABI workaround for usermodehelper changes (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n\n - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).", "cvss3": {}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-27777", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2193.NASL", "href": "https://www.tenable.com/plugins/nessus/143542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143542);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-27777\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)\");\n script_summary(english:\"Check for the openSUSE-2020-2193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c where uninitialized\n memory leaks to userspace, aka CID-bcf85fcedfdd\n (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in\n fs/block_dev.c allowed local users to gain privileges or\n cause a denial of service by leveraging improper access\n to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with\n access_ok() is not checked was discovered in\n i915_gem_execbuffer2_ioctl in\n drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a\n local attacker can craft a malicious IOCTL function call\n to overwrite arbitrary kernel memory, resulting in a\n Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_\n ports() that allowed local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace\n (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could\n be used by local attackers to read privileged\n information or potentially crash the kernel, aka\n CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese\n Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ\n (git-fixes).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from\n struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs\n (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed\n (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list\n (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats\n (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace\n (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop\n (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock\n (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table\n (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window\n (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN\n warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system\n (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and\n unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio\n (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on\n shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual\n address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush\n (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast\n traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start\n (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma\n mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling\n (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed\n (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow\n (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset\n and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux\n (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during\n device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to\n ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params\n mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey\n (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol\n (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the\n HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order\n (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps\n (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state\n (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to\n the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during\n invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page\n fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP\n MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg\n failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users\n (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes\n (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in\n mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send()\n (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup()\n (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down\n (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow\n (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during\n open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed\n (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open()\n (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad\n (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add()\n (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class\n (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation\n (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for\n UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value\n (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in\n guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration\n (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in\n KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier\n maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE\n vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config\n (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while\n polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task\n (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of\n pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in\n bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in\n cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens\n (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info\n (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route\n error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while\n finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init\n failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup\n (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on\n kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size\n (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read\n (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy\n (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD\n object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address\n (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared\n ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented\n resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN\n (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq()\n (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried\n (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference\n (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()\n (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop()\n (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces\n (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure\n case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference\n (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock\n (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in\n ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded\n value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP\n (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by\n simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an\n implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing\n flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields'\n (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE\n (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ\n (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call\n (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some\n netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in\n pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in\n ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr\n (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON()\n (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before\n calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports\n (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with\n IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair\n attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to\n kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets\n in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface\n has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is\n posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param\n assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param()\n (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma()\n (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB\n devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL\n (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling\n (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent\n docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator\n (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm\n layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR\n when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove\n (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create\n AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr\n (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in\n ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable\n authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - Update references in\n patches.suse/net-smc-tolerate-future-smcd-versions\n (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API\n (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration\n (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings\n (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time\n (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with\n ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance\n (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation\n (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects\n (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from\n global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol\n (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and\n write (bsc#1178897). Needed as a prep patch for further\n improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation\n (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in\n sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry\n creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access\n (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache()\n (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe\n pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept\n (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts\n (bsc#1111666)\n\n - kABI workaround for usermodehelper changes\n (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402\n jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal\n (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set\n pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close\n (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460\n jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering\n (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery\n (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER\n handling (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in\n nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init()\n (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value\n usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in\n arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start()\n (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on\n HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages\n on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number\n (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads\n (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808\n LTC#188739).\n\n - s390: kernel/uv: handle length extension properly\n (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE\n tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git\n tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands\n (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk()\n (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in\n tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing\n hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing\n user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect\n (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is\n not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant\n BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped\n width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:13", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143633);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203718-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8809a5f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3718=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:28", "description": "The version of AOS installed on the remote host is prior to 6.0.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.1.6 advisory.\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space (CVE-2021-22555)\n\n - In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. (CVE-2021-25214)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;\n and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.\n (CVE-2021-33037)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.1.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-25214", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399", "CVE-2021-33037", "CVE-2021-3715"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-6_0_1_6.NASL", "href": "https://www.tenable.com/plugins/nessus/164576", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164576);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2020-27777\",\n \"CVE-2021-3715\",\n \"CVE-2021-22555\",\n \"CVE-2021-25214\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\",\n \"CVE-2021-32399\",\n \"CVE-2021-33037\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.1.6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 6.0.1.6. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-6.0.1.6 advisory.\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name\n space (CVE-2021-22555)\n\n - In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and\n 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11\n of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR\n triggering the flaw described above, the named process will terminate due to a failed assertion the next\n time the transferred secondary zone is refreshed. (CVE-2021-25214)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP\n transfer-encoding request header in some circumstances leading to the possibility to request smuggling\n when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if\n the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;\n and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.\n (CVE-2021-33037)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-6.0.1.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4b39a0a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '6.0.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 6.0.1.6 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '6.0.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 6.0.1.6 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:36", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3715-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3715-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143619);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-8694\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3715-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-8694: Insufficient access control for some Intel(R)\nProcessors may have allowed an authenticated user to potentially\nenable information disclosure via local access (bsc#1170415).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8694/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203715-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cde116d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3715=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:00:26", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27825", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0095-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144908);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27825\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210095-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?283ed3db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2021-95=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:10:39", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4680-1 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. (CVE-2020-10135)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-06T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4680-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-0423", "CVE-2020-10135", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28974"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1062-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1077-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1077-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1082-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-129-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-129-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-129-lowlatency"], "id": "UBUNTU_USN-4680-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144749", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4680-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144749);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-0423\",\n \"CVE-2020-10135\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25705\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"USN\", value:\"4680-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4680-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4680-1 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could\n lead to local escalation of privilege in the kernel with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2\n and earlier may allow an unauthenticated user to complete authentication without pairing credentials via\n adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or\n slave to pair with a previously paired remote device to successfully complete the authentication procedure\n without knowing the link key. (CVE-2020-10135)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4680-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1062-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1077-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1077-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1082-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-129-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-129-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-129-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-129',\n 'generic-lpae': '4.15.0-129',\n 'lowlatency': '4.15.0-129',\n 'oracle': '4.15.0-1062',\n 'aws': '4.15.0-1091',\n 'azure': '4.15.0-1103'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-129',\n 'generic-lpae': '4.15.0-129',\n 'lowlatency': '4.15.0-129',\n 'oracle': '4.15.0-1062',\n 'gke': '4.15.0-1077',\n 'raspi2': '4.15.0-1077',\n 'kvm': '4.15.0-1082',\n 'aws': '4.15.0-1091',\n 'snapdragon': '4.15.0-1094',\n 'azure': '4.15.0-1103'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4680-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-19770', 'CVE-2020-0423', 'CVE-2020-10135', 'CVE-2020-25656', 'CVE-2020-25668', 'CVE-2020-25705', 'CVE-2020-27675', 'CVE-2020-27777', 'CVE-2020-28974');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4680-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:15", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3717-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3717-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143860);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203717-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9106a420\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3717=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:31:44", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29369: There was a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bnc#1179432).\n\n - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c, where uninitialized memory could leak to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n\n - CVE-2020-25705: A flaw in the way reply ICMP packets are limited was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restricted RTAS requests from userspace (bsc#1179107). \n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\n - CVE-2020-28941: Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once (bnc#1178740).\n\n - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886).\n\n - CVE-2020-25669: Avoid a use-after-free in teardown paths in sunkbd (bsc#1178182).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Add bug reference to two hv_netvsc patches (bsc#1178853).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family type (bsc#1179001).\n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n\n - Revert 'cdc-acm: hardening against malicious devices' (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).\n\n - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n\n - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n\n - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n\n - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n\n - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right context (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - clk: define to_clk_regmap() as inline function (git-fixes).\n\n - cosa: Add missing kfree in error path of cosa_write (git-fixes).\n\n - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n\n - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n\n - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n\n - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n\n - efi/efivars: Set generic ops before loading SSDT (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n\n - efi: efibc: check for efivars write capability (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n\n - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - i2c: mediatek: move dma reset before i2c reset (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n\n - intel_idle: Customize IceLake server support (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop symlinks (bsc#1179082)\n\n - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n\n - lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n\n - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n\n - mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n\n - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n\n - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n\n - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings (bsc#1177397).\n\n - net: ena: Remove redundant print of placement policy (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (bsc#1174852).\n\n - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n\n - nvme: do not update disk info for multipathed device (bsc#1171558).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n\n - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n\n - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n\n - reboot: fix overflow parsing reboot cpu number (git-fixes).\n\n - regulator: avoid resolve_supply() infinite recursion (git-fixes).\n\n - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators (git-fixes).\n\n - rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git-fixes).\n\n - timer: Prevent base->clk from moving backward (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - usb: core: driver: fix stray tabs in error messages (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions (git-fixes).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).", "cvss3": {}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2161.NASL", "href": "https://www.tenable.com/plugins/nessus/143523", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2161.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143523);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-4788\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2161)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29369: There was a race condition between\n certain expand functions (expand_downwards and\n expand_upwards) and page-table free operations from an\n munmap call, aka CID-246c320a8cfe (bnc#1173504\n bnc#1179432).\n\n - CVE-2020-29371: An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c, where\n uninitialized memory could leak to userspace, aka\n CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in\n fs/block_dev.c allowed local users to gain privileges or\n cause a denial of service by leveraging improper access\n to a certain error field (bnc#1179141).\n\n - CVE-2020-25705: A flaw in the way reply ICMP packets are\n limited was found that allowed to quickly scan open UDP\n ports. This flaw allowed an off-path remote user to\n effectively bypassing source port UDP randomization. The\n highest threat from this vulnerability is to\n confidentiality and possibly integrity, because software\n that relies on UDP source port randomization are\n indirectly affected as well. Kernel versions may be\n vulnerable to this issue (bnc#1175721 bnc#1178782).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_\n ports() that allowed local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restricted RTAS requests from userspace\n (bsc#1179107). \n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could\n be used by local attackers to read privileged\n information or potentially crash the kernel, aka\n CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height (bnc#1178589).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n - CVE-2020-28941: Local attackers on systems with the\n speakup driver could cause a local denial of service\n attack, aka CID-d41227544427. This occurs because of an\n invalid free when the line discipline is used more than\n once (bnc#1178740).\n\n - CVE-2020-28915: A buffer over-read (at the framebuffer\n layer) in the fbcon code could be used by local\n attackers to read kernel memory, aka CID-6735b4632def\n (bnc#1178886).\n\n - CVE-2020-25669: Avoid a use-after-free in teardown paths\n in sunkbd (bsc#1178182).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T\n (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad\n Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP\n (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after\n boot (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the\n ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda\n controllers (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when\n in D3 (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB\n devices (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Add bug reference to two hv_netvsc patches\n (bsc#1178853).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - Documentation/admin-guide/module-signing.rst: add\n openssl command option example for CodeSign EKU\n (bsc#1177353, bsc#1179076).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm\n (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers\n (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address\n Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early\n (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more\n than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global\n (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family\n type (bsc#1179001).\n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs\n (bsc#1179001).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201)\n CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it\n as module.\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a\n MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Fix an error in\n mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a\n builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2\n (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe()\n (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on\n IIO_BUFFER (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return\n SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - NFSv4.x recover from pre-mature loss of openstateid\n (bsc#1176180).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP\n (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying\n qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device\n supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz()\n (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace\n deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a\n destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (git-fixes).\n\n - Revert 'cdc-acm: hardening against malicious devices'\n (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (git-fixes).\n\n - SUNRPC: Fix general protection fault in\n trace_rpc_xdr_overflow() (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1154353).\n\n - USB: Add NO_LPM quirk for Kingston flash drive\n (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px\n (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203,\n 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support\n (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055\n (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs\n (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs\n (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX\n delay (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII\n RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII\n RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent\n (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating\n point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC\n (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property\n (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string\n for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined\n instructions (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210\n SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error\n is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic()\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in\n bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in\n bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp\n (git-fixes).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to\n disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper\n bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element\n (bsc#1155518).\n\n - btrfs: fix bytes_may_use underflow in prealloc error\n condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads\n to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate\n (bsc#1179217).\n\n - btrfs: remove item_size member of struct\n btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more\n generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic\n name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more\n generic name (bsc#1179217).\n\n - can: af_can: prevent potential access of uninitialized\n member in can_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized\n member in canfd_rcv() (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right\n context (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing\n 'req_bit' to stop mode property comment (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming\n limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state\n change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init\n mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb,\n then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift\n of a int (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it\n is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug\n (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument\n (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - clk: define to_clk_regmap() as inline function\n (git-fixes).\n\n - cosa: Add missing kfree in error path of cosa_write\n (git-fixes).\n\n - dax: Fix stack overflow when mounting fsdax pmem device\n (bsc#1171073).\n\n - dax: fix detection of dax support for non-persistent\n memory block devices (bsc#1171073).\n\n - devlink: Make sure devlink instance and port are in same\n net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry\n (git-fixes).\n\n - drbd: code cleanup by using sendpage_ok() to check page\n for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc\n (bsc#1177397).\n\n - efi/efivars: Set generic ops before loading SSDT\n (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build\n regression (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode\n runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode\n (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages\n in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi: add missed destroy_workqueue when efisubsys_init\n fails (git-fixes).\n\n - efi: efibc: check for efivars write capability\n (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into\n linux/font.h (git-fixes).\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context\n (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in\n put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state\n correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking\n (git-fixes).\n\n - hv: clocksource: Add notrace attribute to\n read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs\n (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature\n flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - i2c: mediatek: move dma reset before i2c reset\n (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps\n (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035\n (git-fixes).\n\n - intel_idle: Customize IceLake server support\n (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync\n (git-fixes).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality,\n bsc#1178426).\n\n - kernel-source.spec: Fix build with rpm 4.16\n (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop\n symlinks (bsc#1179082)\n\n - kernel/watchdog: fix watchdog_allowed_mask not used\n warning (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract\n (MM Functionality, bsc#1178426).\n\n - kgdb: Fix spurious true from in_dbg_master()\n (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from\n timer_fn when it is being canceled (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx\n mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log\n warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some\n platforms (git-fixes).\n\n - lib/crc32test: remove extra local_irq_disable/enable\n (git-fixes).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL\n terminator (bsc#1155518).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits\n (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage()\n (bsc#1172873).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header\n (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case\n (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code\n (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference\n (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ\n (git-fixes).\n\n - mm, THP, swap: fix allocating cluster for swapfile by\n mistake (bsc#1178755).\n\n - mm, memcg: fix inconsistent oom event behavior\n (bsc#1178659).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git\n fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding\n (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page\n is enabled (git fixes (mm/ksm)).\n\n - mm/memcg: fix refcount error while moving and swapping\n (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb\n switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM\n Functionality, bsc#1178426).\n\n - mm: mempolicy: require at least one nodeid for\n MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm: swap: make page_evictable() inline (git fixes\n (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit\n set (git fixes (mm/vmscan)).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free()\n at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection\n erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode\n for BYT-based Intel controllers (git-fixes).\n\n - modsign: Add codeSigning EKU when generating X.509 key\n generation config (bsc#1177353, bsc#1179076).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if\n qos disabled (jsc#SLE-8464).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper\n zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code\n readability (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names\n (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all\n files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function\n (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings\n (bsc#1177397).\n\n - net: ena: Remove redundant print of placement policy\n (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics\n (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues\n (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit\n resolution (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (bsc#1174852).\n\n - net: ena: xdp: add queue counters for xdp actions\n (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next\n (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in\n include/linux/net.h (bsc#1172873).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition\n (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - nvme-tcp: check page by sendpage_ok() before calling\n kernel_sendpage() (bsc#1172873).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular\n value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at\n wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs\n kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc/perf: consolidate GPCI hcall structs into\n asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: Use doorbells even if XIVE is available\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/vnic: Extend 'failover pending' window\n (bsc#1176855 ltc#187293).\n\n - powerpc: Inline doorbell sending functions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM\n Functionality, bsc#1178426).\n\n - qla2xxx: Add MODULE_VERSION back to driver\n (bsc#1179160).\n\n - reboot: fix overflow parsing reboot cpu number\n (git-fixes).\n\n - regulator: avoid resolve_supply() infinite recursion\n (git-fixes).\n\n - regulator: fix memory leak with repeated\n set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to\n pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on\n the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators\n (git-fixes).\n\n - rfkill: Fix use-after-free in rfkill_resume()\n (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions\n between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords\n (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: avoid using more barewords\n (bsc#1179014)\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep\n (bsc#1179045)\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe\n calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We\n want to use 64bit kernel due to various bugs\n (bsc#1178762 to name one).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size\n (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests\n (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey\n static build (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070\n LTC#188342).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066\n LTC#188341).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git\n fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list\n (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi\n (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in\n iscsi_tcp_segment_map() (bsc#1172873).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage\n (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in\n ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails\n in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level\n (git-fixes).\n\n - timer: Prevent base->clk from moving backward\n (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file\n for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s\n (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16\n words, like LS1028A (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support\n (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device()\n (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - usb: core: driver: fix stray tabs in error messages\n (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe\n (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - virtio: virtio_console: fix DMA memory allocation for\n rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock\n (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks\n (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap\n fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting\n shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions\n (git-fixes).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in\n xchk_bmap_get_rmapextents (git-fixes).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.54.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.54.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:32:33", "description": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25705: Fixed A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n\nCVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3764-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3764-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144143", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3764-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144143);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-4788\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3764-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25705: Fixed A flaw in the way reply ICMP packets are limited\nin was found that allowed to quickly scan open UDP ports. This flaw\nallowed an off-path remote user to effectively bypassing source port\nUDP randomization. The highest threat from this vulnerability is to\nconfidentiality and possibly integrity, because software and services\nthat rely on UDP source port randomization (like DNS) are indirectly\naffected as well. Kernel versions may be vulnerable to this issue\n(bsc#1175721, bsc#1178782).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with\nthe speakup driver could cause a local denial of service attack\n(bsc#1178740).\n\nCVE-2020-29369: Fixed a race condition between certain expand\nfunctions (expand_downwards and expand_upwards) and page-table free\noperations from an munmap call, aka CID-246c320a8cfe (bnc#1173504\nbsc#1179432).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28941/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29369/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203764-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc5e9fd6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-3764=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:36", "description": "The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3798-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3798-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-20934\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-25669\", \"CVE-2020-27777\", \"CVE-2020-27786\", \"CVE-2020-28915\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20934/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27786/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-4788/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203798-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84d49865\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3798=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:11", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1566 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.209-160.335", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1566.NASL", "href": "https://www.tenable.com/plugins/nessus/143589", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1566.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143589);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1566\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1566 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1566.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8694\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.209-160.335\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19770\", \"CVE-2020-8694\", \"CVE-2020-14351\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-25669\", \"CVE-2020-25704\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-27777\", \"CVE-2020-28941\", \"CVE-2020-28974\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1566\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.209-160.335.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.209-160.335-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.209-160.335.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.209-160.335.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:41", "description": "The version of kernel installed on the remote host is prior to 4.14.209-117.337. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1461 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2021-1461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1461.NASL", "href": "https://www.tenable.com/plugins/nessus/145005", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1461.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1461\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2021-1461)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.209-117.337. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1461 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1461.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8694\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19770\", \"CVE-2020-8694\", \"CVE-2020-14351\", \"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-25669\", \"CVE-2020-25704\", \"CVE-2020-27673\", \"CVE-2020-27675\", \"CVE-2020-27777\", \"CVE-2020-28941\", \"CVE-2020-28974\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1461\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-i686-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.209-117.337.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.209-117.337.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:50", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1462 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nThis plugin has been deprecated due to Amazon pulling the previously published advisory.", "cvss3": {}, "published": "2020-12-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2020-1462) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19770", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2020-12-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1462.NASL", "href": "https://www.tenable.com/plugins/nessus/144464", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020-12-23 due to Amazon pulling the previsouly published advisory.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1462.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144464);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/23\");\n\n script_cve_id(\n \"CVE-2019-19770\",\n \"CVE-2020-8694\",\n \"CVE-2020-14351\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1462\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2020-1462) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1462 advisory.\n\n - ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove\n function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously\n created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel\n developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of\n debugfs within blktrace. (CVE-2019-19770)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. (CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\n\nThis plugin has been deprecated due to Amazon pulling the previously published advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8694\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated due to Amazon pulling the previously published advisory.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:02:24", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0133-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0133-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145120);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210133-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b2ee691\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-133=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-133=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.57.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:29:54", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\n - CVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\n - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\n - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\n - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\n - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\n - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\n - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\n - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\n - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n\n - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\n - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n\n - Add bug reference to two hv_netvsc patches (bsc#1178853).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n\n - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n\n - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n\n - btrfs: Account for merged patches upstream Move below patches to sorted section.\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n\n - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n\n - btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n\n - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right context (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - clk: define to_clk_regmap() as inline function (git-fixes).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - cosa: Add missing kfree in error path of cosa_write (git-fixes).\n\n - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n\n - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n\n - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_pol l.patch (bsc#1179419)\n\n - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n\n - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n\n - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.\n\n - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). \n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n\n - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n\n - efi: efibc: check for efivars write capability (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi/efivars: Set generic ops before loading SSDT (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find() (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n\n - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n\n - i2c: mediatek: move dma reset before i2c reset (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n\n - intel_idle: Customize IceLake server support (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n\n - kernel-(binary,source).spec.in: do not create loop symlinks (bsc#1179082)\n\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install\n\n - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n\n - lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: platform: Improve queue set up flow for bug fixing (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n\n - mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n\n - mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n\n - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n\n - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n\n - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (bsc#1174852).\n\n - net: ena: Remove redundant print of placement policy (bsc#1177397).\n\n - net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n\n - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n\n - nvme: do not update disk info for multipathed device (bsc#1171558).\n\n - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n\n - p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n\n - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n\n - power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n\n - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n\n - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n\n - reboot: fix overflow parsing reboot cpu number (git-fixes).\n\n - Refresh patches.suse/vfs-add-super_operations-get_inode_dev.\n (bsc#1176983) \n\n - regulator: avoid resolve_supply() infinite recursion (git-fixes).\n\n - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n\n - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators (git-fixes).\n\n - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. \n\n - Revert 'cdc-acm: hardening against malicious devices' (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).\n\n - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550).\n\n - rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger\n -<dimstar@opensuse.org>\n\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter:\n ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e.\n merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n\n - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git-fixes).\n\n - timer: Prevent base->clk from moving backward (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n\n - uio: free uio id after uio file node is freed (git-fixes).\n\n - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - USB: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px (git-fixes).\n\n - USB: core: driver: fix stray tabs in error messages (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n\n - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n\n - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n\n - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n\n - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n\n - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n\n - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: prohibit fs freezing when using empty transactions (bsc#1179442).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n\n - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).\n\nkernel-default-base fixes the following issues :\n\n - Add wireguard kernel module (bsc#1179225)\n\n - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-12-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2260.NASL", "href": "https://www.tenable.com/plugins/nessus/144313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2260.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144313);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-4788\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2260)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-15436: Fixed a use after free vulnerability in\n fs/block_dev.c which could have allowed local users to\n gain privileges or cause a denial of service\n (bsc#1179141).\n\n - CVE-2020-15437: Fixed a NULL pointer dereference which\n could have allowed local users to cause a denial of\n service(bsc#1179140).\n\n - CVE-2020-25668: Fixed a concurrency use-after-free in\n con_font_op (bsc#1178123).\n\n - CVE-2020-25669: Fixed a use-after-free read in\n sunkbd_reinit() (bsc#1178182).\n\n - CVE-2020-25704: Fixed a leak in\n perf_event_parse_addr_filter() (bsc#1178393).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace\n (bsc#1179107)\n\n - CVE-2020-28915: Fixed a buffer over-read in the fbcon\n code which could have been used by local attackers to\n read kernel memory (bsc#1178886).\n\n - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon\n which could have been used by local attackers to read\n privileged information or potentially crash the kernel\n (bsc#1178589).\n\n - CVE-2020-29371: Fixed uninitialized memory leaks to\n userspace (bsc#1179429).\n\n - CVE-2020-25705: Fixed an issue which could have allowed\n to quickly scan open UDP ports. This flaw allowed an\n off-path remote user to effectively bypassing source\n port UDP randomization (bsc#1175721).\n\n - CVE-2020-28941: Fixed an issue where local attackers on\n systems with the speakup driver could cause a local\n denial of service attack (bsc#1178740).\n\n - CVE-2020-4788: Fixed an issue with IBM Power9 processors\n could have allowed a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances (bsc#1177666).\n\n - CVE-2020-29369: Fixed a race condition between certain\n expand functions (expand_downwards and expand_upwards)\n and page-table free operations from an munmap call, aka\n CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI: button: Add DMI quirk for Medion Akoya E2228T\n (git-fixes).\n\n - ACPICA: Add NHLT table signature (bsc#1176200).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - Add bug reference to two hv_netvsc patches\n (bsc#1178853).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: fix kernel-doc markups (git-fixes).\n\n - ALSA: hda: fix jack detection with Realtek codecs when\n in D3 (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the\n ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek - Add supported for Lenovo ThinkPad\n Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Add supported mute Led for HP\n (git-fixes).\n\n - ALSA: hda/realtek - Enable headphone for ASUS TM420\n (git-fixes).\n\n - ALSA: hda/realtek - Fixed HP headset Mic can't be\n detected (git-fixes).\n\n - ALSA: hda/realtek - HP Headset Mic can't detect after\n boot (git-fixes).\n\n - ALSA: hda: Reinstate runtime_allow() for all hda\n controllers (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB\n devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - arm64: bpf: Fix branch offset in JIT (git-fixes).\n\n - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII\n RX/TX delay on PHY (git-fixes).\n\n - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: beelink-gs1: Enable both RGMII\n RX/TX delay (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet\n node (git-fixes).\n\n - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX\n delay (git-fixes).\n\n - arm64: dts: fsl: DPAA FMan DMA operations are coherent\n (git-fixes).\n\n - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating\n point (git-fixes).\n\n - arm64: dts: imx8mq: Add missing interrupts to GPC\n (git-fixes).\n\n - arm64: dts: imx8mq: Fix TMU interrupt property\n (git-fixes).\n\n - arm64: dts: zynqmp: Remove additional compatible string\n for i2c IPs (git-fixes).\n\n - arm64: kprobe: add checks for ARMv8.3-PAuth combined\n instructions (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs\n (git-fixes).\n\n - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs\n (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra186\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra194\n SDMMC nodes (git-fixes).\n\n - arm64: tegra: Add missing timeout clock to Tegra210\n SDMMC (git-fixes).\n\n - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n\n - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n\n - ASoC: codecs: wcd9335: Set digital gain range correctly\n (git-fixes).\n\n - ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n\n - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup\n function (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - ASoC: qcom: sdm845: set driver name correctly\n (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Avoid sending firmware messages when AER error\n is detected (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Check abort error state in bnxt_open_nic()\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix NULL ptr dereference crash in\n bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Fix regression in workqueue cleanup logic in\n bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also\n (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: return proper error codes in bnxt_show_temp\n (git-fixes).\n\n - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally\n (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Do not rely on GCC __attribute__((optimize)) to\n disable GCSE (bsc#1155518).\n\n - bpf: Fix comment for helper\n bpf_current_task_under_cgroup() (bsc#1155518).\n\n - bpf: Zero-fill re-used per-cpu map element\n (bsc#1155518).\n\n - btrfs: Account for merged patches upstream Move below\n patches to sorted section.\n\n - btrfs: cleanup cow block on error (bsc#1178584).\n\n - btrfs: fix bytes_may_use underflow in prealloc error\n condtition (bsc#1179217).\n\n - btrfs: fix metadata reservation for fallocate that leads\n to transaction aborts (bsc#1179217).\n\n - btrfs: fix relocation failure due to race with fallocate\n (bsc#1179217).\n\n - btrfs: remove item_size member of struct\n btrfs_clone_extent_info (bsc#1179217).\n\n - btrfs: rename btrfs_insert_clone_extent() to a more\n generic name (bsc#1179217).\n\n - btrfs: rename btrfs_punch_hole_range() to a more generic\n name (bsc#1179217).\n\n - btrfs: rename struct btrfs_clone_extent_info to a more\n generic name (bsc#1179217).\n\n - btrfs: reschedule if necessary when logging directory\n items (bsc#1178585).\n\n - btrfs: send, orphanize first all conflicting inodes when\n processing references (bsc#1178579).\n\n - btrfs: send, recompute reference path after\n orphanization of a directory (bsc#1178581).\n\n - can: af_can: prevent potential access of uninitialized\n member in canfd_rcv() (git-fixes).\n\n - can: af_can: prevent potential access of uninitialized\n member in can_rcv() (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: dev: can_restart(): post buffer from the right\n context (git-fixes).\n\n - can: flexcan: flexcan_remove(): disable wakeup\n completely (git-fixes).\n\n - can: flexcan: flexcan_setup_stop_mode(): add missing\n 'req_bit' to stop mode property comment (git-fixes).\n\n - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk\n for LS1021A (git-fixes).\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming\n limits (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - can: m_can: m_can_handle_state_change(): fix state\n change (git-fixes).\n\n - can: m_can: m_can_stop(): set device to software init\n mode before closing (git-fixes).\n\n - can: mcba_usb: mcba_usb_start_xmit(): first fill skb,\n then pass to can_put_echo_skb() (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: fix potential integer overflow on shift\n of a int (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179012).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179012).\n\n - ceph: check the sesion state and return false in case it\n is closed (bsc#1179012).\n\n - ceph: downgrade warning from mdsmap decode to debug\n (bsc#1178653).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cfg80211: initialize wdev data earlier (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument\n (git-fixes).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - clk: define to_clk_regmap() as inline function\n (git-fixes).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - cosa: Add missing kfree in error path of cosa_write\n (git-fixes).\n\n - dax: fix detection of dax support for non-persistent\n memory block devices (bsc#1171073).\n\n - dax: Fix stack overflow when mounting fsdax pmem device\n (bsc#1171073).\n\n - Delete\n patches.suse/fs-select.c-batch-user-writes-in-do_sys_pol\n l.patch (bsc#1179419)\n\n - devlink: Make sure devlink instance and port are in same\n net namespace (bsc#1154353).\n\n - docs: ABI: sysfs-c2port: remove a duplicated entry\n (git-fixes).\n\n - Documentation/admin-guide/module-signing.rst: add\n openssl command option example for CodeSign EKU\n (bsc#1177353, bsc#1179076).\n\n - Do not create null.i000.ipa-clones file (bsc#1178330)\n Kbuild cc-option compiles /dev/null file to test for an\n option availability. Filter out -fdump-ipa-clones so\n that null.i000.ipa-clones file is not generated in the\n process.\n\n - drbd: code cleanup by using sendpage_ok() to check page\n for kernel_sendpage() (bsc#1172873).\n\n - drivers/net/ethernet: remove incorrectly formatted doc\n (bsc#1177397).\n\n - drivers: watchdog: rdc321x_wdt: Fix race condition bugs\n (git-fixes).\n\n - Drop sysctl files for dropped archs, add ppc64le and arm\n (bsc#1178838). Also correct the page size on ppc64.\n\n - EDAC/amd64: Cache secondary Chip Select registers\n (bsc#1179001).\n\n - EDAC/amd64: Find Chip Select memory size using Address\n Mask (bsc#1179001).\n\n - EDAC/amd64: Gather hardware information early\n (bsc#1179001).\n\n - EDAC/amd64: Initialize DIMM info for systems with more\n than two channels (bsc#1179001).\n\n - EDAC/amd64: Make struct amd64_family_type global\n (bsc#1179001).\n\n - EDAC/amd64: Save max number of controllers to family\n type (bsc#1179001). \n\n - EDAC/amd64: Support asymmetric dual-rank DIMMs\n (bsc#1179001).\n\n - efi: add missed destroy_workqueue when efisubsys_init\n fails (git-fixes).\n\n - efi: efibc: check for efivars write capability\n (git-fixes).\n\n - efi: EFI_EARLYCON should depend on EFI (git-fixes).\n\n - efi/efivars: Set generic ops before loading SSDT\n (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/libstub/x86: Work around LLVM ELF quirk build\n regression (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - efi/x86: Align GUIDs to their size in the mixed mode\n runtime wrapper (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Fix the deletion of variables in mixed mode\n (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (git-fixes).\n\n - efi/x86: Handle by-ref arguments covering multiple pages\n in mixed mode (git-fixes).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - exfat: fix name_hash computation on big endian systems\n (git-fixes).\n\n - exfat: fix overflow issue in exfat_cluster_to_sector()\n (git-fixes).\n\n - exfat: fix possible memory leak in exfat_find()\n (git-fixes).\n\n - exfat: fix use of uninitialized spinlock on error path\n (git-fixes).\n\n - exfat: fix wrong hint_stat initialization in\n exfat_find_dir_entry() (git-fixes).\n\n - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into\n linux/font.h (git-fixes).\n\n - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201)\n CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it\n as module.\n\n - ftrace: Fix recursion check for NMI test (git-fixes).\n\n - ftrace: Handle tracing when switching between context\n (git-fixes).\n\n - futex: Do not enable IRQs unconditionally in\n put_pi_state() (bsc#1149032).\n\n - futex: Handle transient 'ownerless' rtmutex state\n correctly (bsc#1149032).\n\n - gpio: pcie-idio-24: Enable PEX8311 interrupts\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix IRQ Enable Register value\n (git-fixes).\n\n - gpio: pcie-idio-24: Fix irq mask when masking\n (git-fixes).\n\n - HID: logitech-dj: Fix an error in\n mse_bluetooth_descriptor (git-fixes).\n\n - HID: logitech-dj: Fix Dinovo Mini when paired with a\n MX5x00 receiver (git-fixes).\n\n - HID: logitech-dj: Handle quad/bluetooth keyboards with a\n builtin trackpad (git-fixes).\n\n - HID: logitech-hidpp: Add PID for MX Anywhere 2\n (git-fixes).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - hv: clocksource: Add notrace attribute to\n read_hv_sched_clock_*() functions (git-fixes).\n\n - hv_netvsc: Add XDP support (bsc#1177820).\n\n - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs\n (bsc#1177820).\n\n - hv_netvsc: make recording RSS hash depend on feature\n flag (bsc#1177820).\n\n - hv_netvsc: record hardware hash in skb (bsc#1177820).\n\n - hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n\n - hyperv_fb: Update screen_info after removing old\n framebuffer (bsc#1175306).\n\n - i2c: mediatek: move dma reset before i2c reset\n (git-fixes).\n\n - i2c: sh_mobile: implement atomic transfers (git-fixes).\n\n - igc: Fix not considering the TX delay for timestamps\n (bsc#1160634).\n\n - igc: Fix wrong timestamp latency numbers (bsc#1160634).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iio: adc: mediatek: fix unset field (git-fixes).\n\n - iio: light: fix kconfig dependency bug for VCNL4035\n (git-fixes).\n\n - Input: adxl34x - clean up a data type in adxl34x_probe()\n (git-fixes).\n\n - Input: resistive-adc-touch - fix kconfig dependency on\n IIO_BUFFER (git-fixes).\n\n - intel_idle: Customize IceLake server support\n (bsc#1178286).\n\n - ionic: check port ptr before use (bsc#1167773).\n\n - iwlwifi: mvm: write queue_sync_state only for sync\n (git-fixes).\n\n - kABI: revert use_mm name change (MM Functionality,\n bsc#1178426).\n\n - kABI workaround for HD-audio (git-fixes).\n\n - kernel: better document the use_mm/unuse_mm API contract\n (MM Functionality, bsc#1178426).\n\n - kernel-(binary,source).spec.in: do not create loop\n symlinks (bsc#1179082)\n\n - kernel-source.spec: Fix build with rpm 4.16\n (boo#1179015). RPM_BUILD_ROOT is cleared before\n %%install. Do the unpack into RPM_BUILD_ROOT in\n %%install\n\n - kernel/watchdog: fix watchdog_allowed_mask not used\n warning (git-fixes).\n\n - kgdb: Fix spurious true from in_dbg_master()\n (git-fixes).\n\n - kthread_worker: prevent queuing delayed work from\n timer_fn when it is being canceled (git-fixes).\n\n - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return\n SMCCC_RET_NOT_REQUIRED (git-fixes).\n\n - lan743x: fix 'BUG: invalid wait context' when setting rx\n mode (git-fixes).\n\n - lan743x: fix issue causing intermittent kernel log\n warnings (git-fixes).\n\n - lan743x: prevent entire kernel HANG on open, for some\n platforms (git-fixes).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - libbpf, hashmap: Fix undefined behavior in hash_bits\n (bsc#1155518).\n\n - libceph: use sendpage_ok() in ceph_tcp_sendpage()\n (bsc#1172873).\n\n - lib/crc32test: remove extra local_irq_disable/enable\n (git-fixes).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - lib/strncpy_from_user.c: Mask out bytes after NUL\n terminator (bsc#1155518).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: fix use of skb payload instead of header\n (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mac80211: minstrel: fix tx status processing corner case\n (git-fixes).\n\n - mac80211: minstrel: remove deferred sampling code\n (git-fixes).\n\n - media: imx274: fix frame interval handling (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: uvcvideo: Fix dereference of out-of-bound list\n iterator (git-fixes).\n\n - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having\n any effect (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference\n (git-fixes).\n\n - memcg: fix NULL pointer dereference in\n __mem_cgroup_usage_unregister_event (bsc#1177703).\n\n - mfd: sprd: Add wakeup capability for PMIC IRQ\n (git-fixes).\n\n - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free()\n at remove (git-fixes).\n\n - mmc: sdhci-of-esdhc: Handle pulse width detection\n erratum for more SoCs (git-fixes).\n\n - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode\n for BYT-based Intel controllers (git-fixes).\n\n - mm: fix exec activate_mm vs TLB shootdown and lazy tlb\n switching race (MM Functionality, bsc#1178426).\n\n - mm: fix kthread_use_mm() vs TLB invalidate (MM\n Functionality, bsc#1178426).\n\n - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git\n fixes (mm/gup)).\n\n - mm/gup: fix gup_fast with dynamic page table folding\n (bnc#1176586, LTC#188235).\n\n - mm/ksm: fix NULL pointer dereference when KSM zero page\n is enabled (git fixes (mm/ksm)).\n\n - mm, memcg: fix inconsistent oom event behavior\n (bsc#1178659).\n\n - mm/memcg: fix refcount error while moving and swapping\n (bsc#1178686).\n\n - mm/memcontrol.c: add missed css_put() (bsc#1178661).\n\n - mm: mempolicy: require at least one nodeid for\n MPOL_PREFERRED (git fixes (mm/mempolicy)).\n\n - mm/swapfile.c: fix potential memory leak in sys_swapon\n (git-fixes).\n\n - mm: swap: make page_evictable() inline (git fixes\n (mm/vmscan)).\n\n - mm: swap: use smp_mb__after_atomic() to order LRU bit\n set (git fixes (mm/vmscan)).\n\n - mm, THP, swap: fix allocating cluster for swapfile by\n mistake (bsc#1178755).\n\n - modsign: Add codeSigning EKU when generating X.509 key\n generation config (bsc#1177353, bsc#1179076).\n\n - net: add WARN_ONCE in kernel_sendpage() for improper\n zero-copy send (bsc#1172873).\n\n - net: ena: Capitalize all log strings and improve code\n readability (bsc#1177397).\n\n - net: ena: Change license into format to SPDX in all\n files (bsc#1177397).\n\n - net: ena: Change log message to netif/dev function\n (bsc#1177397).\n\n - net: ena: Change RSS related macros and variables names\n (bsc#1177397).\n\n - net: ena: ethtool: Add new device statistics\n (bsc#1177397).\n\n - net: ena: ethtool: add stats printing to XDP queues\n (bsc#1177397).\n\n - net: ena: ethtool: convert stat_offset to 64 bit\n resolution (bsc#1177397).\n\n - net: ena: Fix all static chekers' warnings\n (bsc#1177397).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (bsc#1174852).\n\n - net: ena: Remove redundant print of placement policy\n (bsc#1177397).\n\n - net: ena: xdp: add queue counters for xdp actions\n (bsc#1177397).\n\n - net: fix pos incrementment in ipv6_route_seq_next\n (bsc#1154353).\n\n - net: introduce helper sendpage_ok() in\n include/linux/net.h (bsc#1172873). kABI workaround for\n including mm.h in include/linux/net.h (bsc#1172873).\n\n - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n\n - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if\n qos disabled (jsc#SLE-8464).\n\n - net: mscc: ocelot: fix race condition with TX\n timestamping (bsc#1178461).\n\n - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition\n (git-fixes).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - NFSv4: Handle NFS4ERR_OLD_STATEID in\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4: Wait for stateid updates after\n CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n\n - NFSv4.x recover from pre-mature loss of openstateid\n (bsc#1176180).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - nvme-tcp: check page by sendpage_ok() before calling\n kernel_sendpage() (bsc#1172873).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - PCI/ACPI: Whitelist hotplug ports for D3 if power\n managed by ACPI (git-fixes).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - pinctrl: intel: Set default bias in case no particular\n value given (git-fixes).\n\n - platform/x86: thinkpad_acpi: Send tablet mode switch at\n wakeup time (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - PM: runtime: Drop runtime PM references to supplier on\n link removal (git-fixes).\n\n - powerpc/64s/radix: Fix mm_cpumask trimming race vs\n kthread_use_mm (MM Functionality, bsc#1178426).\n\n - powerpc: Inline doorbell sending functions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/perf: consolidate GPCI hcall structs into\n asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pseries: Add KVM guest doorbell restrictions\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc/pseries: new lparcfg key/value pair:\n partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n\n - powerpc/pseries: Use doorbells even if XIVE is available\n (jsc#SLE-15869 jsc#SLE-16321).\n\n - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM\n Functionality, bsc#1178426).\n\n - powerpc/vnic: Extend 'failover pending' window\n (bsc#1176855 ltc#187293).\n\n - power: supply: bq27xxx: report 'not charging' on all\n types (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - qla2xxx: Add MODULE_VERSION back to driver\n (bsc#1179160).\n\n - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP\n (jsc#SLE-8449).\n\n - RDMA/hns: Fix the wrong value of rnr_retry when querying\n qp (jsc#SLE-8449).\n\n - RDMA/hns: Fix wrong field of SRQ number the device\n supports (jsc#SLE-8449).\n\n - RDMA/hns: Solve the overflow of the calc_pg_sz()\n (jsc#SLE-8449).\n\n - RDMA/mlx5: Fix devlink deadlock on net namespace\n deletion (jsc#SLE-8464).\n\n - RDMA/qedr: Fix return code if accept is called on a\n destroyed qp (jsc#SLE-8215).\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (git-fixes).\n\n - reboot: fix overflow parsing reboot cpu number\n (git-fixes).\n\n - Refresh\n patches.suse/vfs-add-super_operations-get_inode_dev.\n (bsc#1176983) \n\n - regulator: avoid resolve_supply() infinite recursion\n (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - regulator: fix memory leak with repeated\n set_machine_constraints() (git-fixes).\n\n - regulator: pfuze100: limit pfuze-support-disable-sw to\n pfuze(100,200) (git-fixes).\n\n - regulator: ti-abb: Fix array out of bound read access on\n the first transition (git-fixes).\n\n - regulator: workaround self-referent regulators\n (git-fixes).\n\n - Restore the header of series.conf The header of\n series.conf was accidentally changed by abb50be8e6bc\n '(kABI: revert use_mm name change (MM Functionality,\n bsc#1178426))'. \n\n - Revert 'cdc-acm: hardening against malicious devices'\n (git-fixes).\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (git-fixes).\n\n - Revert 'xfs: complain if anyone tries to create a\n too-large buffer' (bsc#1179425, bsc#1179550).\n\n - rfkill: Fix use-after-free in rfkill_resume()\n (git-fixes).\n\n - ring-buffer: Fix recursion protection transitions\n between interrupt context (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords\n (bsc#1179014) Author: Dominique Leuenberger\n -<dimstar@opensuse.org>\n\n - rpm/kernel-binary.spec.in: avoid using more barewords\n (bsc#1179014) %split_extra still contained two.\n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep\n (bsc#1179045) egrep is only a deprecated bash wrapper\n for 'grep -E'. So use the latter instead.\n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe\n calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).\n\n - rpm/mkspec: do not build kernel-obs-build on x86_32 We\n want to use 64bit kernel due to various bugs\n (bsc#1178762 to name one). There is: ExportFilter:\n ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory's\n prjconf now. No other actively maintained distro (i.e.\n merging packaging branch) builds a x86_32 kernel, hence\n pushing to packaging directly.\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175918 LTC#187935).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size\n (git-fixes).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests\n (git-fixes).\n\n - s390/pkey: fix paes selftest failure with paes and pkey\n static build (git-fixes).\n\n - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066\n LTC#188341).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070\n LTC#188342).\n\n - sched/fair: Ensure tasks spreading in LLC during LB (git\n fixes (sched)).\n\n - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list\n (git fixes (sched)).\n\n - sched: Fix loadavg accounting race on arm64 kabi\n (bnc#1178227).\n\n - sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n\n - scsi: libiscsi: use sendpage_ok() in\n iscsi_tcp_segment_map() (bsc#1172873).\n\n - serial: 8250_mtk: Fix uart_get_baud_rate warning\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - spi: lpspi: Fix use-after-free on unbind (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1154353).\n\n - SUNRPC: Fix general protection fault in\n trace_rpc_xdr_overflow() (git-fixes).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (git-fixes).\n\n - tcp: use sendpage_ok() to detect misused .sendpage\n (bsc#1172873).\n\n - thunderbolt: Add the missed ida_simple_remove() in\n ring_request_msix() (git-fixes).\n\n - thunderbolt: Fix memory leak if ida_simple_get() fails\n in enumerate_services() (git-fixes).\n\n - timer: Fix wheel index calculation on last level\n (git-fixes).\n\n - timer: Prevent base->clk from moving backward\n (git-fixes).\n\n - tpm: efi: Do not create binary_bios_measurements file\n for an empty log (git-fixes).\n\n - tpm_tis: Disable interrupts on ThinkPad T490s\n (git-fixes).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (git-fixes).\n\n - tty: serial: fsl_lpuart: add LS1028A support\n (git-fixes).\n\n - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16\n words, like LS1028A (git-fixes).\n\n - tty: serial: imx: fix potential deadlock (git-fixes).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - uio: Fix use-after-free in uio_unregister_device()\n (git-fixes).\n\n - uio: free uio id after uio file node is freed\n (git-fixes).\n\n - USB: Add NO_LPM quirk for Kingston flash drive\n (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - USB: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - USB: core: Change %pK for __user pointers to %px\n (git-fixes).\n\n - USB: core: driver: fix stray tabs in error messages\n (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - USB: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - USB: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - USB: gadget: goku_udc: fix potential crashes in probe\n (git-fixes).\n\n - USB: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - USB: serial: cyberjack: fix write-URB completion race\n (git-fixes).\n\n - USB: serial: option: add LE910Cx compositions 0x1203,\n 0x1230, 0x1231 (git-fixes).\n\n - USB: serial: option: add Quectel EC200T module support\n (git-fixes).\n\n - USB: serial: option: add Telit FN980 composition 0x1055\n (git-fixes).\n\n - USB: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - USB: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - USB: xhci: omit duplicate actions when suspending a\n runtime suspended host (git-fixes).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - video: hyperv_fb: include vmalloc.h (git-fixes).\n\n - video: hyperv: hyperv_fb: Obtain screen resolution from\n Hyper-V host (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Support deferred IO for\n Hyper-V frame buffer driver (bsc#1175306).\n\n - video: hyperv: hyperv_fb: Use physical memory for fb on\n HyperV Gen 1 VMs (bsc#1175306).\n\n - virtio: virtio_console: fix DMA memory allocation for\n rproc serial (git-fixes).\n\n - vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock\n (git-fixes).\n\n - x86/kexec: Use up-to-dated screen_info copy to fill boot\n params (bsc#1175306).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1152489).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1152489).\n\n - xfs: complain if anyone tries to create a too-large\n buffer log item (bsc#1166146).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: fix a missing unlock on error in xfs_fs_map_blocks\n (git-fixes).\n\n - xfs: fix brainos in the refcount scrubber's rmap\n fragment processor (git-fixes).\n\n - xfs: fix flags argument to rmap lookup when converting\n shared file rmaps (git-fixes).\n\n - xfs: fix rmap key and record comparison functions\n (git-fixes).\n\n - xfs: fix scrub flagging rtinherit even if there is no rt\n device (git-fixes).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n\n - xfs: prohibit fs freezing when using empty transactions\n (bsc#1179442).\n\n - xfs: remove unused variable 'done' (bsc#1166166).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\n\n - xfs: set the unwritten bit in rmap lookup flags in\n xchk_bmap_get_rmapextents (git-fixes).\n\n - xfs: set xefi_discard when creating a deferred agfl free\n log intent item (git-fixes).\n\n - xfs: truncate should remove all blocks, not just to the\n end of the page cache (bsc#1166166).\n\n - xhci: Fix sizeof() mismatch (git-fixes).\n\n - xhci: hisilicon: fix refercence leak in xhci_histb_probe\n (git-fixes).\n\nkernel-default-base fixes the following issues :\n\n - Add wireguard kernel module (bsc#1179225)\n\n - Create the list of crypto kernel modules dynamically,\n supersedes hardcoded list of crc32 implementations\n (bsc#1177577)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179550\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-default-base / kernel-default-base-rebuild\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:02:25", "description": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup (bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0108-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0108-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144959);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during\npath lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup\n(bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk\n(bnc#1179435).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27830/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29370/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210108-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e05a131\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-108=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-30T15:31:52", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-11T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3748-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3748-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144101);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-4788\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3748-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nCVE-2020-28941: Fixed an issue where local attackers on systems with\nthe speakup driver could cause a local denial of service attack\n(bsc#1178740).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-29369: Fixed a race condition between certain expand\nfunctions (expand_downwards and expand_upwards) and page-table free\noperations from an munmap call, aka CID-246c320a8cfe (bnc#1173504\n1179432).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28941/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29369/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203748-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ada2721\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3748=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3748=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.43.2.9.17.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.43.2.9.17.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.43.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.43.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:19:17", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0118-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145018);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210118-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3fabc347\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-118=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-118=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:01:40", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-15436", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-4788"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0098-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0098-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144914);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-15436\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210098-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b07b6a77\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-98=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:03", "description": "The version of AOS installed on the remote host is prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.2 advisory.\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space (CVE-2021-22555)\n\n - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:\n Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-2341)\n\n - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:\n Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-2369)\n\n - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:\n Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-2388)\n\n - In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. (CVE-2021-25214)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;\n and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.\n (CVE-2021-33037)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2020-27777", "CVE-2021-22555", "CVE-2021-2341", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-25214", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-32399", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33037", "CVE-2021-33909", "CVE-2021-3715"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-6_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/164560", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164560);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2020-27777\",\n \"CVE-2021-2341\",\n \"CVE-2021-2369\",\n \"CVE-2021-2388\",\n \"CVE-2021-3715\",\n \"CVE-2021-22555\",\n \"CVE-2021-25214\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\",\n \"CVE-2021-32399\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33037\",\n \"CVE-2021-33909\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 6.0.2. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-6.0.2 advisory.\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka\n CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name\n space (CVE-2021-22555)\n\n - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:\n Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle\n GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise\n Edition. Successful attacks require human interaction from a person other than the attacker. Successful\n attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle\n GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2021-2341)\n\n - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:\n Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM\n Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of\n this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle\n GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2021-2369)\n\n - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:\n Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM\n Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of\n this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2021-2388)\n\n - In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and\n 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11\n of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR\n triggering the flaw described above, the named process will terminate due to a failed assertion the next\n time the transferred secondary zone is refreshed. (CVE-2021-25214)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP\n transfer-encoding request header in some circumstances leading to the possibility to request smuggling\n when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if\n the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;\n and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.\n (CVE-2021-33037)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer\n allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an\n unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-6.0.2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c3eec2f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '6.0.2', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 6.0.2 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '6.0.2', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 6.0.2 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:41", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup (bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0117-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145025);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-28374\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during\npath lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup\n(bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk\n(bnc#1179435).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27830/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29370/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210117-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57d64693\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-117=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-117=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.46.1.9.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.46.1.9.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:00:27", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-27835: A use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\n - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore (bnc#1178372).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c might have allowed remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation (bnc#1180086).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180027).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180029).\n\n - CVE-2020-29661: A locking