mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
{"oraclelinux": [{"lastseen": "2021-07-28T14:24:58", "description": "kernel-uek\n[3.8.13-118.54.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349209] {CVE-2020-36158}", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-02-09T00:00:00", "id": "ELSA-2021-9040", "href": "http://linux.oracle.com/errata/ELSA-2021-9040.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:57", "description": "kernel-uek\n[3.8.13-118.54.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349209] {CVE-2020-36158}", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-02-09T00:00:00", "id": "ELSA-2021-9041", "href": "http://linux.oracle.com/errata/ELSA-2021-9041.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:52", "description": "[2.6.39-400.330.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349211] {CVE-2020-36158}\n[2.6.39-400.329.1]\n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176268] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176268] {CVE-2020-28915}\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187752] {CVE-2020-28974}\n- vt: sort out locking for font handling (Alan Cox) [Orabug: 32187752] {CVE-2020-28974}", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28915", "CVE-2020-28974", "CVE-2020-36158"], "modified": "2021-02-09T00:00:00", "id": "ELSA-2021-9043", "href": "http://linux.oracle.com/errata/ELSA-2021-9043.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:43", "description": "[4.14.35-2025.405.3]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426280]\n[4.14.35-2025.405.2]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350995]\n[4.14.35-2025.405.1]\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372162] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378208] \n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 32382641] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 31785275] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 31785275] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 31785275] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 31785275] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245085] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.405.0]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251913] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337718] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349207] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355210]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9035", "href": "http://linux.oracle.com/errata/ELSA-2021-9035.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:36", "description": "[4.14.35-2025.405.3.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426280]\n[4.14.35-2025.405.2.el7]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug:\n 32350995]\n[4.14.35-2025.405.1.el7]\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372162]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378208]\n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 32382641]\n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 31785275]\n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 31785275]\n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 31785275]\n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 31785275]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245085]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.405.0.el7]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251913]\n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337718]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349207] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355210]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9039", "href": "http://linux.oracle.com/errata/ELSA-2021-9039.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:00", "description": "[5.4.17-2036.103.3.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426610]\n[5.4.17-2036.103.2.el7]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824]\n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]\n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061]\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974]\n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.103.1.el7]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812]\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]\n[5.4.17-2036.103.0.el7]\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715]\n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484]\n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]\n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484]\n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484]\n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484]\n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484]\n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484]\n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484]\n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484]\n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484]\n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484]\n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484]\n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484]\n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]\n- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229]\n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229]\n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034]\n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034]\n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034]\n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034]\n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]\n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]\n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]\n- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034]\n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034]\n- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034]\n- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034]\n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9038", "href": "http://linux.oracle.com/errata/ELSA-2021-9038.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:59", "description": "[5.4.17-2036.103.3]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]\n[5.4.17-2036.103.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378206] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.103.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812] \n- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]\n[5.4.17-2036.103.0]\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484] \n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136] \n- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034] \n- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034] \n- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034] \n- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9037", "href": "http://linux.oracle.com/errata/ELSA-2021-9037.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:35", "description": "[4.1.12-124.47.3]\n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 31588015]\n[4.1.12-124.47.2]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350932] {CVE-2020-12653}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 31435700] \n- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (Takashi Iwai) [Orabug: 32240688] {CVE-2020-27786}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251907] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}\n- tty: core: Use correct spinlock flavor in tiocspgrp() (Peter Hurley) [Orabug: 32266682] {CVE-2020-29660}\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349208] {CVE-2020-36158}\n[4.1.12-124.47.1]\n- target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32374139] {CVE-2020-28374}", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-03T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-03T00:00:00", "id": "ELSA-2021-9030", "href": "http://linux.oracle.com/errata/ELSA-2021-9030.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:58", "description": "[4.14.35-2047.500.9.1]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n[4.14.35-2047.500.9]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426612] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 31175013] \n- net/rds: Incorrect RDS protocol version fall back (Ka-Cheong Poon) [Orabug: 32376163] \n- net/rds: Missing RDS/RDMA private data in response to connection request (Ka-Cheong Poon) [Orabug: 32388407]\n[4.14.35-2047.500.8]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341032] \n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372161] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380826] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245078] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350976] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 32368440] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 32368440] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248037] {CVE-2020-28374}\n[4.14.35-2047.500.7]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32047319] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260255] {CVE-2020-29569}\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337717] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349205] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355208]\n[4.14.35-2047.500.6]\n- net/rds: Only yield with a valid 'i_connecting_ts' timestamp (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Only increment rdma_resolve_route timeout on error (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont block workqueues 'cma_wq' and 'cm.wq' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont drop neighbor loopback connection (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Take the GID offset into account for IB devices (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Leave the neighbor cache alone (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Give each connection its own workqueue (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Disassociate ic and cm_id before rdma_destroy_id (Gerd Rausch) [Orabug: 31030774] \n- Revert 'rds: ib: Implement proper cm_id compare' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Add a rdma_cm watchdog timer (Gerd Rausch) [Orabug: 31030774] \n- Revert 'RDS: IB: fix panic with handlers running post teardown' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Release all resources allocated by 'rds_ib_setup_qp' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Change the 'rds_aux_wq' workqueue to loose order (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont sleep inside worker threads (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Fix a few race conditions (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Execute 'rdma_destroy_id' in the background (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Delay reconnects from passive side by 3 seconds (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Drop connections when peers perform failover (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Yield to incoming connection requests (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Remove stale comments about random backoff (Gerd Rausch) [Orabug: 31030774]\n[4.14.35-2047.500.5]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251912] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n[4.14.35-2047.500.4]\n- bnxt_en: Release PCI regions when DMA mask setup fails during probe. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_board() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_one() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: Fix counter overflow logic. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: read EEPROM A2h address using page 0 (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Re-write PCI BARs after PCI fatal error. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Set driver default message level. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Enable online self tests for multi-host/NPAR mode. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Eliminate unnecessary RX resets. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Reduce unnecessary message log during RX errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Add a software counter for RX ring reset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Implement RX ring reset in response to buffer errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_init_one_rx_ring(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_free_rx_skbs(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.68. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Improve preset max value for ethtool -l. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Handle ethernet link being disabled by firmware. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: add basic infrastructure to support PAM4 link speeds (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor bnxt_get_fw_speed() (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor code to limit speed advertising (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.65. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix wrong flag value passed to HWRM_PORT_QSTATS_EXT fw call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix HWRM_FUNC_QSTATS_EXT firmware call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Return -EOPNOTSUPP for ETHTOOL_GREGS on VFs. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: return proper error codes in bnxt_show_temp (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Setup default RSS map in all scenarios. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: init RSS table for Minimal-Static VF reservation (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: fix HWRM error when querying VF temperature (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Fix ethtool -S statitics with XDP or TCs enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Dont query FW when netif_running() is false. (Pavan Chebbi) [Orabug: 32223677] \n- bnxt_en: Add support for 'ethtool -d' (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Switch over to use the 64-bit software accumulated counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Accumulate all counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware masks for port counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware counter masks from firmware if available. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Allocate additional memory for all statistics blocks. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor statistics code and structures. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Use macros to define port statistics size and offset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface to 1.10.1.54. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Remove PCIe non-counters from ethtool statistics (Vasundhara Volam) [Orabug: 32223677] \n- net: bnxt: don't complain if TC flower can't be supported (Jakub Kicinski) [Orabug: 32223677] \n- bnxt_en: Fix completion ring sizing with TPA enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Init ethtool link settings after reading updated PHY configuration. (Vasundhara Volam) [Orabug: 32223677] \n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233354] {CVE-2020-14351}\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32201608] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32201608] \n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201608] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201608] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32201608] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32201608] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32201608] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201608] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201608] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210458] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32219015] \n- qla2xxx: Add missing module version banner (John Donnelly) [Orabug: 32244934] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: A small correction in _base_process_reply_queue (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Fix sync irqs (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Detect tampered Aero and Sea adapters (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Dont call disable_irq from IRQ poll handler (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32223781] \n- scsi: mpt3sas: Remove superfluous memset() (Li Heng) [Orabug: 32223781] \n- scsi: mpt3sas: Update driver version to 35.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Postprocessing of target and LUN reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Cancel the running work during host reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Dump system registers for debugging (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Fix kdoc comments format (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix set but unused variable (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix error returns in BRM_status_show (Johannes Thumshirn) [Orabug: 32223781] \n- scsi: mpt3sas: Fix unlock imbalance (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix spelling mistake (Flavio Suligoi) [Orabug: 32223781]\n[4.14.35-2047.500.3]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32173883] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32173883] \n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32177802] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32213922] \n- qla2xxx: back port upstream patch (Quinn Tran) [Orabug: 32213922] \n- scsi: scsi_transport_fc: Add FPIN fc event codes (James Smart) [Orabug: 32213922] \n- scsi: scsi_transport_fc: refactor event posting routines (James Smart) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (Quinn Tran) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Check if FW supports MQ before enabling (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce noisy debug message (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush I/O on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush all sessions on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: remove incorrect sparse #ifdef (Linus Torvalds) [Orabug: 32213922] \n- scsi: qla2xxx: Return EBUSY on fcport deletion (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (Tom Rix) [Orabug: 32213922] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32213922] \n- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix crash on session cleanup with unload (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32213922] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Remove unneeded variable 'rval' (Jason Yan) [Orabug: 32213922] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Remove redundant variable initialization (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (Christophe JAILLET) [Orabug: 32213922] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32213922] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32213922] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32213922] \n- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (Enzo Matsumiya) [Orabug: 32213922] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize 'n' before using it (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32213922] \n- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (James Smart) [Orabug: 32213922] \n- scsi: fc: add FPIN ELS definition (James Smart) [Orabug: 32213922] \n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- ACPI: NFIT: Add runtime firmware activate support (Dan Williams) [Orabug: 32224144] \n- PM, libnvdimm: Add runtime firmware activation support (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Convert to DEVICE_ATTR_ADMIN_RO() (Dan Williams) [Orabug: 32224144] \n- driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Emulate firmware activation commands (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Prepare nfit_ctl_test() for ND_CMD_CALL emulation (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Add command debug messages (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Cleanup dimm index passing (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Define runtime firmware activation commands (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Move bus_dsm_mask out of generic nvdimm_bus_descriptor (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Validate command family indices (Dan Williams) [Orabug: 32224144] \n- PM: hibernate: Incorporate concurrency handling (Domenico Andreoli) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_bus_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm/of_pmem: Provide a unique name for bus provider (Aneesh Kumar K.V) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_mapping_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_region_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_numa_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_device_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move region attribute group definition (Dan Williams) [Orabug: 32224144] \n- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move attribute groups to device type (Dan Williams) [Orabug: 32224144] \n- acpi/nfit: improve bounds checking for 'func' (Dan Carpenter) [Orabug: 32224144] \n- ACPI/nfit: delete the function to_acpi_nfit_desc (Xiaochun Lee) [Orabug: 32224144]\n[4.14.35-2047.500.2]\n- lockdown: make lockdown mode available in securityfs (Alan Maguire) [Orabug: 32176137] \n- uek-rpm: Dont build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176895] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177989] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32195765] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32195765] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32195765] \n- rds: fix out-of-tree build broken by tracepoints (Alan Maguire) [Orabug: 32185345] \n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177547]\n[4.14.35-2047.500.1]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin( )) [Orabug: 32131174] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131174] {CVE-2020-25704}\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136897] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139243] \n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32047440] \n- platform/x86: ISST: Add new PCI device ids (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional TRL MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 32047440] \n- platform/x86: ISST: Restore state on resume (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mmio interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Store per CPU information (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add common API to register and handle ioctls (Srinivas Pandruvada) [Orabug: 32047440]\n[4.14.35-2046]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131560] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138009] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152281] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152143] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152143] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 30848187] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakx (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32080078] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32080078] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32080078] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32080078] \n- Linux 4.14.206 (Greg Kroah-Hartman) \n- powercap: restrict energy meter to root access (Len Brown) \n- Linux 4.14.205 (Greg Kroah-Hartman) [Orabug: 32041544] \n- arm64: dts: marvell: espressobin: add ethernet alias (Tomasz Maciej Nowak) \n- PM: runtime: Resume the device earlier in __device_release_driver() (Rafael J. Wysocki) \n- Revert 'ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE' (Vineet Gupta) \n- ARC: stack unwinding: avoid indefinite looping (Vineet Gupta) \n- usb: mtu3: fix panic in mtu3_gadget_stop() (Macpaul Lin) \n- USB: Add NO_LPM quirk for Kingston flash drive (Alan Stern) \n- USB: serial: option: add Telit FN980 composition 0x1055 (Daniele Palmas) \n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200T module support (Ziyi Cao) \n- USB: serial: cyberjack: fix write-URB completion race (Johan Hovold) \n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (Qinglang Miao) \n- serial: 8250_mtk: Fix uart_get_baud_rate warning (Claire Chang) \n- fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (Eddy Wu) \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) \n- ACPI: NFIT: Fix comparison to '-ENXIO' (Zhang Qilong) \n- drm/vc4: drv: Add error handding for bind (Hoegeun Kwon) \n- vsock: use ns_capable_noaudit() on socket create (Jeff Vander Stoep) \n- scsi: core: Dont start concurrent async scan on same host (Ming Lei) \n- blk-cgroup: Pre-allocate tree node on blkg_conf_prep (Gabriel Krisman Bertazi) \n- blk-cgroup: Fix memleak on error path (Gabriel Krisman Bertazi) \n- of: Fix reserved-memory overlap detection (Vincent Whitchurch) \n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (Kairui Song) \n- ARM: dts: sun4i-a10: fix cpu_alert temperature (Clement Peron) \n- futex: Handle transient 'ownerless' rtmutex state correctly (Mike Galbraith) \n- tracing: Fix out of bounds write in get_trace_buf (Qiujun Huang) \n- ftrace: Handle tracing when switching between context (Steven Rostedt (VMware)) \n- ftrace: Fix recursion check for NMI test (Steven Rostedt (VMware)) \n- gfs2: Wake up when sd_glock_disposal becomes zero (Alexander Aring) \n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (Jason Gunthorpe) \n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (Zqiang) \n- lib/crc32test: remove extra local_irq_disable/enable (Vasily Gorbik) \n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (Geoffrey D. Bennett) \n- Fonts: Replace discarded const qualifier (Lee Jones) \n- blktrace: fix debugfs use after free (Luis Chamberlain) {CVE-2019-19770}\n- Blktrace: bail out early if block debugfs is not configured (Liu Bo) \n- sfp: Fix error handing in sfp_probe() (YueHaibing) \n- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Petr Malat) \n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (Daniele Palmas) \n- gianfar: Account for Tx PTP timestamp in the skb headroom (Claudiu Manoil) \n- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (Claudiu Manoil) \n- tipc: fix use-after-free in tipc_bcast_get_mode (Hoang Huu Le) \n- drm/i915: Break up error capture compression loops with cond_resched() (Chris Wilson) \n- Linux 4.14.204 (Greg Kroah-Hartman) \n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (Ian Abbott) \n- KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR (Marc Zyngier) \n- device property: Dont clear secondary pointer for shared primary firmware node (Andy Shevchenko) \n- device property: Keep secondary firmware node secondary by type (Andy Shevchenko) \n- ARM: s3c24xx: fix missing system reset (Krzysztof Kozlowski) \n- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (Krzysztof Kozlowski) \n- arm: dts: mt7623: add missing pause for switchport (Frank Wunderlich) \n- hil/parisc: Disable HIL driver when it gets stuck (Helge Deller) \n- cachefiles: Handle readpage error correctly (Matthew Wilcox (Oracle)) \n- arm64: berlin: Select DW_APB_TIMER_OF (Jisheng Zhang) \n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) \n- rtc: rx8010: dont modify the global rtc ops (Bartosz Golaszewski) \n- drm/ttm: fix eviction valuable range check. (Dave Airlie) \n- ext4: fix invalid inode checksum (Luo Meng) \n- ext4: fix error handling code in add_new_gdb (Dinghao Liu) \n- ext4: fix leaking sysfs kobject after failed mount (Eric Biggers) \n- vringh: fix __vringh_iov() when riov and wiov are different (Stefano Garzarella) \n- ring-buffer: Return 0 on success from ring_buffer_resize() (Qiujun Huang) \n- 9P: Cast to loff_t before multiplying (Matthew Wilcox (Oracle)) \n- libceph: clear con->out_msg on Policy::stateful_server faults (Ilya Dryomov) \n- ceph: promote to unsigned long long before shifting (Matthew Wilcox (Oracle)) \n- drm/amdgpu: dont map BO in reserved region (Madhav Chauhan) \n- ia64: fix build error with !COREDUMP (Krzysztof Kozlowski) \n- ubi: check kthread_should_stop() after the setting of task state (Zhihao Cheng) \n- perf python scripting: Fix printable strings in python3 scripts (Jiri Olsa) \n- ubifs: dent: Fix some potential memory leaks while iterating entries (Zhihao Cheng) \n- NFSD: Add missing NFSv2 .pc_func methods (Chuck Lever) \n- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (Olga Kornievskaia) \n- powerpc/powernv/elog: Fix race while processing OPAL error log event. (Mahesh Salgaonkar) \n- powerpc: Warn about use of smt_snooze_delay (Joel Stanley) \n- powerpc/rtas: Restrict RTAS requests from userspace (Andrew Donnellan) \n- s390/stp: add locking to sysfs functions (Sven Schnelle) \n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:light:si1145: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (Paul Cercueil) \n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) \n- drm/i915: Force VTd workarounds when running as a guest OS (Chris Wilson) \n- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (Ran Wang) \n- usb: cdc-acm: fix cooldown mechanism (Jerome Brunet) \n- usb: dwc3: core: dont trigger runtime pm when remove driver (Li Jun) \n- usb: dwc3: core: add phy cleanup for probe error handling (Li Jun) \n- usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (Thinh Nguyen) \n- btrfs: fix use-after-free on readahead extent after failure to create it (Filipe Manana) \n- btrfs: cleanup cow block on error (Josef Bacik) \n- btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() (Denis Efremov) \n- btrfs: send, recompute reference path after orphanization of a directory (Filipe Manana) \n- btrfs: reschedule if necessary when logging directory items (Filipe Manana) \n- scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() (Helge Deller) \n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (Martin Fuzzey) \n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (Wei Huang) \n- ACPI: debug: dont allow debugging when ACPI is disabled (Jamie Iles) \n- ACPI: video: use ACPI backlight for HP 635 Notebook (Alex Hung) \n- ACPI / extlog: Check for RDMSR failure (Ben Hutchings) \n- NFS: fix nfs_path in case of a rename retry (Ashish Sangwan) \n- fs: Dont invalidate page buffers in block_write_full_page() (Jan Kara) \n- leds: bcm6328, bcm6358: use devres LED registering function (Marek Behun) \n- perf/x86/amd/ibs: Fix raw sample data accumulation (Kim Phillips) \n- perf/x86/amd/ibs: Dont include randomized bits in get_ibs_op_count() (Kim Phillips) \n- md/raid5: fix oops during stripe resizing (Song Liu) \n- nvme-rdma: fix crash when connect rejected (Chao Leng) \n- sgl_alloc_order: fix memory leak (Douglas Gilbert) \n- nbd: make the config put is called before the notifying the waiter (Xiubo Li) \n- ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: move PMU node out of clock controller (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings (Krzysztof Kozlowski) \n- memory: emif: Remove bogus debugfs error handling (Dan Carpenter) \n- arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes (Yoshihiro Shimoda) \n- gfs2: add validation checks for size of superblock (Anant Thazhemadam) \n- ext4: Detect already used quota file early (Jan Kara) \n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (Madhuparna Bhowmik) \n- net: 9p: initialize sun_server.sun_path to have addrs value only when addr is valid (Anant Thazhemadam) \n- clk: ti: clockdomain: fix static checker warning (Tero Kristo) \n- bnxt_en: Log unknown link speed appropriately. (Michael Chan) \n- md/bitmap: md_bitmap_get_counter returns wrong blocks (Zhao Heming) \n- power: supply: test_power: add missing newlines when printing parameters by sysfs (Xiongfeng Wang) \n- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (Diana Craciun) \n- drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values (Xie He) \n- ACPI: Add out of bounds and numa_off protections to pxm_to_node() (Jonathan Cameron) \n- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (Zhengyuan Liu) \n- uio: free uio id after uio file node is freed (Lang Dai) \n- USB: adutux: fix debugging (Oliver Neukum) \n- cpufreq: sti-cpufreq: add stih418 support (Alain Volmat) \n- kgdb: Make 'kgdbcon' work properly with 'kgdb_earlycon' (Douglas Anderson) \n- printk: reduce LOG_BUF_SHIFT range for H8300 (John Ogness) \n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (Antonio Borneo) \n- mmc: via-sdmmc: Fix data race bug (Madhuparna Bhowmik) \n- media: tw5864: check status of tw5864_frameinterval_get (Tom Rix) \n- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (Badhri Jagan Sridharan) \n- media: platform: Improve queue set up flow for bug fixing (Xia Jiang) \n- media: videodev2.h: RGB BT2020 and HSV are always full range (Hans Verkuil) \n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (Nadezda Lutovinova) \n- ath10k: fix VHT NSS calculation when STBC is enabled (Sathishkumar Muruganandam) \n- ath10k: start recovery process when payload length exceeds max htc length for sdio (Wen Gong) \n- video: fbdev: pvr2fb: initialize variables (Tom Rix) \n- xfs: fix realtime bitmap/summary file truncation when growing rt volume (Darrick J. Wong) \n- ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses (Douglas Anderson) \n- um: change sigio_spinlock to a mutex (Johannes Berg) \n- f2fs: fix to check segment boundary during SIT page readahead (Chao Yu) \n- f2fs: add trace exit in exception path (Zhang Qilong) \n- sparc64: remove mm_cpumask clearing to fix kthread_use_mm race (Nicholas Piggin) \n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (Nicholas Piggin) \n- powerpc/powernv/smp: Fix spurious DBG() warning (Oliver O Halloran) \n- futex: Fix incorrect should_fail_futex() handling (Mateusz Nosek) \n- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (Amit Cohen) \n- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (Jiri Slaby) \n- fscrypt: return -EXDEV for incompatible rename or link into encrypted dir (Eric Biggers) \n- ata: sata_rcar: Fix DMA boundary mask (Geert Uytterhoeven) \n- mtd: lpddr: Fix bad logic in print_drs_error (Gustavo A. R. Silva) \n- p54: avoid accessing the data mapped to streaming DMA (Jia-Ju Bai) \n- fuse: fix page dereference after free (Miklos Szeredi) \n- x86/xen: disable Firmware First mode for correctable memory errors (Juergen Gross) \n- arch/x86/amd/ibs: Fix re-arming IBS Fetch (Kim Phillips) \n- tipc: fix memory leak caused by tipc_buf_append() (Tung Nguyen) \n- ravb: Fix bit fields checking in ravb_hwtstamp_get() (Andrew Gabbasov) \n- gtp: fix an use-before-init in gtp_newlink() (Masahiro Fujiwara) \n- efivarfs: Replace invalid slashes with exclamation marks in dentries. (Michael Schaller) \n- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (Nick Desaulniers) \n- scripts/setlocalversion: make git describe output more reliable (Rasmus Villemoes) \n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864725] {CVE-2019-19816}\n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32120118]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19770", "CVE-2019-19816", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-16T00:00:00", "id": "ELSA-2021-9052", "href": "http://linux.oracle.com/errata/ELSA-2021-9052.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:36", "description": "[5.4.17-2102.200.13]\n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n[5.4.17-2102.200.12]\n- Revert x86/platform/uv: Update UV MMRs for UV5 (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add UV5 direct references (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add and decode Arch Type in UVsystab (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 MMR references in UV GRU (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update node present counting (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 TSC checking (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update for UV5 NMI MMR changes (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update Copyrights to conform to HPE standards (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix missing OEM_TABLE_ID (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Remove spaces from OEM IDs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Recognize UV5 hubless system identifier (Jack Vogel) [Orabug: 32651197] \n- Revert x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix copied UV5 output archtype (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix UV4 hub revision adjustment (Jack Vogel) [Orabug: 32651197]\n[5.4.17-2102.200.11]\n- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155] \n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}\n- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823] \n- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823] \n- mm/sparse: consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]\n[5.4.17-2102.200.10]\n- scsi: target: core: Make completion affinity configurable (Mike Christie) [Orabug: 32403502] \n- target: flush submission work during TMR processing (Mike Christie) [Orabug: 32403502] \n- target iblock: add backend plug/unplug callouts (Mike Christie) [Orabug: 32403502] \n- target: fix backend plugging (Mike Christie) [Orabug: 32403502] \n- target: cleanup cmd flag bits (Mike Christie) [Orabug: 32403502] \n- tcm loop: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- tcm loop: use blk cmd allocator for se_cmds (Mike Christie) [Orabug: 32403502] \n- vhost scsi: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- target: add workqueue based cmd submission (Mike Christie) [Orabug: 32403502] \n- target: add gfp_t arg to target_cmd_init_cdb (Mike Christie) [Orabug: 32403502] \n- target: remove target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- tcm_fc: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- xen-scsiback: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- vhost-scsi: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- usb gadget: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- sbp_target: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- tcm_loop: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- qla2xxx: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- ibmvscsi_tgt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- srpt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- target: break up target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- target: rename transport_init_se_cmd (Mike Christie) [Orabug: 32403502] \n- target: drop kref_get_unless_zero in target_get_sess_cmd (Mike Christie) [Orabug: 32403502] \n- target: move t_task_cdb initialization (Mike Christie) [Orabug: 32403502] \n- scsi: tcm_loop: Allow queues, can_queue and cmd_per_lun to be settable (Mike Christie) [Orabug: 32403502] \n- scsi: target: Make state_list per CPU (Mike Christie) [Orabug: 32403502] \n- scsi: target: Drop sess_cmd_lock from I/O path (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Move sess cmd list/lock to driver (Mike Christie) [Orabug: 32403502] \n- scsi: target: Remove TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix cmd_count ref leak (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix LUN ref count handling (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix lun lookup for TARGET_SCF_LOOKUP_LUN_FROM_TAG case (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Fix NULL pointer dereference (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Initialize LUN in transport_init_se_cmd() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Factor out a new helper, target_cmd_init_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- mm: memcontrol: decouple reference counting from page accounting (Johannes Weiner) \n- uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555675] \n- rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32587016] \n- rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32587016] \n- rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580940] \n- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576070] \n- PCI: hotplug: Add module parameter to allow user control of LEDs (Thomas Tai) [Orabug: 32556980] \n- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) \n- block/diskstats: accumulate all per-cpu counters in one pass (Konstantin Khlebnikov) [Orabug: 32531556] \n- arm64/crash_core: fix TCR_EL1.T1SZ in vmcoreinfo (John Donnelly) [Orabug: 32559514] \n- x86/platform/uv: Fix UV4 hub revision adjustment (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix copied UV5 output archtype (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jiri Slaby) [Orabug: 32527680] \n- x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Borislav Petkov) [Orabug: 32527680] \n- x86/platform/uv: Recognize UV5 hubless system identifier (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove spaces from OEM IDs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix missing OEM_TABLE_ID (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update Copyrights to conform to HPE standards (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update for UV5 NMI MMR changes (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 TSC checking (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update node present counting (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 MMR references in UV GRU (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add and decode Arch Type in UVsystab (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add UV5 direct references (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV MMRs for UV5 (Mike Travis) [Orabug: 32527680] \n- drivers/misc/sgi-xp: Adjust references in UV kernel modules (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove SCIR MMR references for UV systems (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove UV BAU TLB Shootdown Handler (Mike Travis) [Orabug: 32527680] \n- x86/apic/uv: Avoid unused variable warning (Arnd Bergmann) [Orabug: 32527680] \n- x86/platform/uv: Remove vestigial mention of UV1 platform from bios header (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for uv1 platform from uv_hub (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_bau (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_mmrs (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from x2apic_uv_x (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_tlb (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_time (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove the unused _uv_cpu_blade_processor_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Unexport uv_apicid_hibits (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove _uv_hub_info_check() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Simplify uv_send_IPI_one() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the UV*_HUB_IS_SUPPORTED macros (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the uv_partition_coherence_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/apic/uv: Remove code for unused distributed GRU mode (Steve Wahl) [Orabug: 32527680] \n- cper,edac,efi: Memory Error Record: bank group/address and chip id (Alex Kluver) [Orabug: 32526741] \n- edac,ghes,cper: Add Row Extension to Memory Error Record (Alex Kluver) [Orabug: 32526741] \n- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Store the logical die id instead of the physical die id. (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Generic support for the PCI sub driver (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (Kan Liang) [Orabug: 32526200]\n[5.4.17-2102.200.9]\n- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32563746]\n[5.4.17-2102.200.8]\n- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32522477] \n- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522086] \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522086] \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522086] \n- crypto: jitter - fix comments (Alexander E. Patrakov) [Orabug: 32522086] \n- Revert RDMA/umem: Move to allocate SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert lib/scatterlist: Add support in dynamic allocation of SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert Maintainer: Fix build warning introduced in commit 99b99d76e6732 (John Donnelly) [Orabug: 32481224]\n[5.4.17-2102.200.7]\n- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32504832] \n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492108] {CVE-2021-26930}\n- xen-scsiback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-netback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-blkback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n[5.4.17-2102.200.6]\n- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492276] \n- rds: tracepoints incorrectly reporting valid rds ping as drop (Alan Maguire) [Orabug: 32490004] \n- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32488537] \n- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353873] \n- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Register boot memory hot remove notifier earlier (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353873] \n- rds: tracepoint-related KASAN: use-after-free Read in rds_send_xmit (Alan Maguire) [Orabug: 32490030] \n- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32422895] \n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32485133] \n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32485133] \n- vdpa/mlx5: allow Jumbo MTU config other than standard sized MTU (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: should exclude header length and fcs from mtu (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: Fix memory key MTT population (Eli Cohen) [Orabug: 32480078] \n- vdpa: Use simpler version of ida allocation (Parav Pandit) [Orabug: 32480078] \n- vdpa: Add missing comment for virtqueue count (Parav Pandit) [Orabug: 32480078] \n- vdpa/mlx5: Use write memory barrier after updating CQ index (Eli Cohen) [Orabug: 32480078] \n- vdpa: remove unnecessary default n in Kconfig entries (Stefano Garzarella) [Orabug: 32480078] \n- vhost_vdpa: switch to vmemdup_user() (Tian Tao) [Orabug: 32480078] \n- vhost_vdpa: return -EFAULT if copy_to_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa: mlx5: fix vdpa/vhost dependencies (Randy Dunlap) [Orabug: 32480078] \n- vdpa/mlx5: Setup driver only if VIRTIO_CONFIG_S_DRIVER_OK (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Fix failure to bring link up (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Make use of a specific 16 bit endianness API (Eli Cohen) [Orabug: 32480078] \n- vdpasim: fix mac_pton undefined error (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: allow to assign a MAC address (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: fix MAC address configuration (Laurent Vivier) [Orabug: 32480078] \n- vdpa: handle irq bypass register failure case (Zhu Lingshan) [Orabug: 32480078] \n- vdpa_sim: Fix DMA mask (Laurent Vivier) [Orabug: 32480078] \n- vdpa/mlx5: Fix error return in map_direct_mr() (Jing Xiangfeng) [Orabug: 32480078] \n- vhost_vdpa: Return -EFAULT if copy_from_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa_sim: implement get_iova_range() (Jason Wang) [Orabug: 32480078] \n- vhost: vdpa: report iova range (Jason Wang) [Orabug: 32480078] \n- vdpa: introduce config op to get valid iova range (Jason Wang) [Orabug: 32480078] \n- vhost_vdpa: remove unnecessary spin_lock in vhost_vring_call (Zhu Lingshan) [Orabug: 32480078] \n- vhost_vdpa: Fix duplicate included kernel.h (Tian Tao) [Orabug: 32480078] \n- rds: CONFIG_RDS_DEBUG + tracepoints breaks rds build (Alan Maguire) [Orabug: 32442487] \n- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422450] \n- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422450]\n[5.4.17-2102.200.5]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471659] \n- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32454711] \n- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447284] {CVE-2021-3348}\n- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422661] \n- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422661] \n- rds: avoid crash on IB conn path shutdown prepare (Alan Maguire) [Orabug: 32466763] \n- mm/memcontrol: Increase threshold for draining per-cpu stocked bytes (Imran Khan) [Orabug: 32314559]\n[5.4.17-2102.200.4]\n- Revert rds: Deregister all FRWR mr with free_mr (aru kolappan) [Orabug: 32426609] \n- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424704] \n- KVM: x86: Expose AVX512_FP16 for supported CPUID (Cathy Zhang) [Orabug: 32424461] \n- x86/kvm: Expose TSX Suspend Load Tracking feature (Cathy Zhang) [Orabug: 32424461] \n- x86: Expose SERIALIZE for supported cpuid (Paolo Bonzini) [Orabug: 32424461] \n- KVM: x86: Expose fast short REP MOV for supported cpuid (Zhenyu Wang) [Orabug: 32424461] \n- KVM: x86: Expose AVX512 VP2INTERSECT in cpuid for TGL (Zhenyu Wang) [Orabug: 32424461] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32424461] \n- x86: Enumerate AVX512 FP16 CPUID feature flag (Kyung Min Park) [Orabug: 32424461] \n- EDAC/i10nm: Add Intel Sapphire Rapids server support (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC/i10nm: Use readl() to access MMIO registers (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add DDR5 new memory type (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add three new memory types (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate ENQCMD and ENQCMDS instructions (Fenghua Yu) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate TSX suspend load address tracking instructions (Kyung Min Park) [Orabug: 32424461] \n- x86/cpufeatures: Add enumeration for SERIALIZE instruction (Ricardo Neri) [Orabug: 32424461] \n- x86/split_lock: Enable the split lock feature on Sapphire Rapids and Alder Lake CPUs (Fenghua Yu) [Orabug: 32424461] \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32424461] \n- x86/cpufeatures: Add Architectural LBRs feature bit (Kan Liang) [Orabug: 32424461] \n- powercap: intel_rapl: add support for Sapphire Rapids (Zhang Rui) [Orabug: 32424461] \n- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32424461] \n- EDAC, {skx,i10nm}: Use CPU stepping macro to pass configurations (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro (Borislav Petkov) [Orabug: 32424461] \n- powercap/intel_rapl: Convert to new X86 CPU match macros (Thomas Gleixner) [Orabug: 32424461] \n- powercap/intel_rapl: add support for TigerLake Mobile (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for JasperLake (Zhang Rui) [Orabug: 32424461] \n- x86/cpufeatures: Add support for fast short REP; MOVSB (Tony Luck) [Orabug: 32424461] \n- powercap/intel_rapl: add support for Cometlake desktop (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for CometLake Mobile (Zhang Rui) [Orabug: 32424461] \n- crypto: lib/chacha20poly1305 - define empty module exit function (Jason A. Donenfeld) [Orabug: 32417868] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881]\n[5.4.17-2102.200.3]\n- x86/msr: Add a pointer to an URL which contains further details (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Downgrade unrecognized MSR message (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Do not allow writes to MSR_IA32_ENERGY_PERF_BIAS (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Filter MSR writes (Borislav Petkov) [Orabug: 32402424] \n- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/turbostat: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/cpupower: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32401797]\n[5.4.17-2102.200.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380065] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372529] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372157] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341061] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Remove unneeded variable rval (Jason Yan) [Orabug: 32346794] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the size used in a dma_free_coherent() call (Christophe JAILLET) [Orabug: 32346794] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32346794] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32346794] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32346794] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Initialize n before using it (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32346794] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32374281] {CVE-2020-28374}\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32351789]\n[5.4.17-2102.200.1]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32361529] \n- selftests/net: remove rds.h from rds_echo.c (John Donnelly) [Orabug: 32351408] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349202] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355205]\n[5.4.17-2102.200.0]\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337714] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32316504] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32316504] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32316504] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32316504] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32316504] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32316504] \n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32316504] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32316504] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32316504] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302135] \n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260251] {CVE-2020-29569}\n- Revert cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 32295228] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295228] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290042] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290042] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290042] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290042] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290042] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290042] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290042] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290042] \n- iommu/arm-smmu-v3: Dont reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290042] \n- Revert BACKPORT: perf: Add Arm CMN-600 DT binding (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: Add ARM DMC-620 PMU driver. (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (Dave Kleikamp) [Orabug: 32290042] \n- Revert Perf: arm-cmn: Allow irq to be shared. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_cmn: improve and make it work on 2P. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Allow IRQ to be shared among devices. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Support ACPI mode. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dmc620: Update ACPI ID. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Dave Kleikamp) [Orabug: 32290042] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Add will_handle callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n[5.4.17-2051]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233513] {CVE-2020-14381}\n- uek-rpm: Add nvme-tcp and nvme-rdma to ol7 and ol8 nano kernels (Alan Adamson) [Orabug: 32230382] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218857] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210420] \n- uek-rpm: enable VDPA subsystem and drivers (Si-Wei Liu) [Orabug: 32121107] \n- vdpa/mlx5: Fix dependency on MLX5_CORE (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: should keep avail_index despite device status (Si-Wei Liu) [Orabug: 32121107] \n- vdpa/mlx5: Avoid warnings about shifts on 32-bit platforms (Nathan Chancellor) [Orabug: 32121107] \n- vdpa/mlx5: fix up endian-ness for mtu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa/mlx5: Fix pointer math in mlx5_vdpa_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa/mlx5: fix memory allocation failure checks (Colin Ian King) [Orabug: 32121107] \n- vdpa/mlx5: Fix uninitialised variable in core/mr.c (Alex Dewar) [Orabug: 32121107] \n- vdpa/mlx5: Add VDPA driver for supported mlx5 devices (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add shared memory registration code (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add support library for mlx5 VDPA implementation (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add hardware descriptive header file (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Add interface changes required for VDPA (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Expose vDPA emulation device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add Virtio Emulation related device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add VDPA interface type to supported enumerations (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Support setting access rights of dma addresses (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Provide simplified command interfaces (Leon Romanovsky) [Orabug: 32121107] \n- vhost-vdpa: fix page pinning leakage in error path (rework) (Si-Wei Liu) [Orabug: 32121107] \n- vhost-vdpa: fix vhost_vdpa_map() on error condition (Si-Wei Liu) [Orabug: 32121107] \n- vhost: Dont call log_access_ok() when using IOTLB (Greg Kurz) [Orabug: 32121107] \n- vhost vdpa: fix vhost_vdpa_open error handling (Mike Christie) [Orabug: 32121107] \n- vhost-vdpa: fix backend feature ioctls (Jason Wang) [Orabug: 32121107] \n- vhost: Fix documentation (Eli Cohen) [Orabug: 32121107] \n- vhost-iotlb: fix vhost_iotlb_itree_next() documentation (Stefano Garzarella) [Orabug: 32121107] \n- vdpa: Fix pointer math bug in vdpasim_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa_sim: init iommu lock (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: Modify get_vq_state() to return error code (Eli Cohen) [Orabug: 32121107] \n- net/vdpa: Use struct for set/get vq state (Eli Cohen) [Orabug: 32121107] \n- vdpa: remove hard coded virtq num (Max Gurtovoy) [Orabug: 32121107] \n- vdpasim: support batch updating (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support IOTLB batching hints (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support get/set backend features (Jason Wang) [Orabug: 32121107] \n- vhost: generialize backend features setting/getting (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: refine ioctl pre-processing (Jason Wang) [Orabug: 32121107] \n- vDPA: dont change vq irq after DRIVER_OK (Zhu Lingshan) [Orabug: 32121107] \n- irqbypass: do not start cons/prod when failed connect (Zhu Lingshan) [Orabug: 32121107] \n- vhost_vdpa: implement IRQ offloading in vhost_vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vDPA: add get_vq_irq() in vdpa_config_ops (Zhu Lingshan) [Orabug: 32121107] \n- kvm: detect assigned device via irqbypass manager (Zhu Lingshan) [Orabug: 32121107] \n- vhost: introduce vhost_vring_call (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: protect concurrent access to iommu iotlb (Max Gurtovoy) [Orabug: 32121107] \n- vhost: vdpa: remove per device feature whitelist (Jason Wang) [Orabug: 32121107] \n- virtio_net: use LE accessors for speed/duplex (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio-iommu: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- drm/virtio: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_balloon: use LE config space accesses (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: rewrite LE accessors without _Generic (Si-Wei Liu) [Orabug: 32121107] \n- virtio_config: fix up warnings on parisc (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: add virtio_cread_le_feature (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_caif: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: LE config space accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: cread/write cleanup (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa_sim: fix endian-ness of config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_vdpa: legacy features handling (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost/vdpa: switch to new helpers (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: make sure set_features is invoked for legacy (Michael S. Tsirkin) [Orabug: 32121107] \n- mlxbf-tmfifo: sparse tags for config access (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_scsi: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_net: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_gpu: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_console: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_blk: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_balloon: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_9p: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: allow __virtioXX, __leXX in config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_ring: sparse warning fixup (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: VIRTIO_F_IOMMU_PLATFORM -> VIRTIO_F_ACCESS_PLATFORM (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: Fix potential underflow in vhost_vdpa_mmap() (Dan Carpenter) [Orabug: 32121107] \n- vdpa: fix typos in the comments for __vdpa_alloc_device() (Jason Wang) [Orabug: 32121107] \n- vhost_vdpa: Support config interrupt in vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: Fix some coccinelle warnings (Samuel Zou) [Orabug: 32121107] \n- vhost_vdpa: disable doorbell mapping for !MMU (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: support doorbell mapping via mmap (Jason Wang) [Orabug: 32121107] \n- vdpa: introduce get_vq_notification method (Jason Wang) [Orabug: 32121107] \n- vdpasim: remove unused variable ret (YueHaibing) [Orabug: 32121107] \n- vdpa: fix comment of vdpa_register_device() (Jason Wang) [Orabug: 32121107] \n- vdpa: make vhost, virtio depend on menu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: allow a 32 bit vq alignment (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpasim: Return status in vdpasim_get_status (YueHaibing) [Orabug: 32121107] \n- vhost: remove set but not used variable status (Jason Yan) [Orabug: 32121107] \n- vhost: vdpa: remove unnecessary null check (Gustavo A. R. Silva) [Orabug: 32121107] \n- vdpa-sim: depend on HAS_DMA (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: move to drivers/vdpa (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpasim: vDPA device simulator (Jason Wang) [Orabug: 32121107] \n- vhost: introduce vDPA-based backend (Tiwei Bie) [Orabug: 32121107] \n- virtio: introduce a vDPA based transport (Jason Wang) [Orabug: 32121107] \n- vDPA: introduce vDPA bus (Jason Wang) [Orabug: 32121107] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242278] \n- kabi: fix issues with slab memory allocator. (Libo Chen) [Orabug: 32119767] \n- mm: memcg/slab: uncharge during kmem_cache_free_bulk() (Bharata B Rao) [Orabug: 32119767] \n- mm: memcg/slab: fix racy access to page->mem_cgroup in mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: fix potential double free in ___cache_free (Shakeel Butt) [Orabug: 32119767] \n- mm: memcontrol: restore proper dirty throttling when memory.high changes (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: avoid workload stalls when lowering memory.high (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to static_branch_likely() in memcg_kmem_enabled() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: rename (un)charge_slab_page() to (un)account_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove unused argument by charge_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- tools/cgroup: add memcg_slabinfo.py tool (Roman Gushchin) [Orabug: 32119767] \n- kselftests: cgroup: add kernel memory accounting tests (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove redundant check in memcg_accumulate_slabinfo() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate slab_root_caches (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove memcg_kmem_get_cache() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: simplify memcg cache creation (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all accounted allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: move memcg_kmem_bypass() to memcontrol.h (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate memory.kmem.slabinfo (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: charge individual slab objects instead of pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: save obj_cgroup for non-root slab objects (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: allocate obj_cgroups for non-root slab pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: obj_cgroup API (Roman Gushchin) [Orabug: 32119767] \n- mm: slub: implement SLUB version of obj_to_index() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: convert vmstat slab counters to bytes (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: prepare for byte-sized vmstat items (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: factor out memcg- and lruvec-level changes out of __mod_lruvec_state() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: make memcg_kmem_enabled() irreversible (Roman Gushchin) [Orabug: 32119767] \n- mm, slab/slub: improve error reporting and overhead of cache_from_obj() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slub: introduce kmem_cache_debug_flags() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slab: fix sign conversion problem in memcg_uncharge_slab() (Waiman Long) [Orabug: 32119767] \n- memcg: fix memcg_kmem_bypass() for remote memcg charging (Zefan Li) [Orabug: 32119767] \n- slub: Remove userspace notifier for cache add/remove (Christoph Lameter) [Orabug: 32119767] \n- mm: kmem: rename (__)memcg_kmem_(un)charge_memcg() to __memcg_kmem_(un)charge() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: cache page number in memcg_(un)charge_slab() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: rename memcg_kmem_(un)charge() into memcg_kmem_(un)charge_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup memcg_kmem_uncharge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm/slub.c: avoid slub allocation while holding list_lock (Yu Zhao) [Orabug: 32119767] \n- mm: clean up and clarify lruvec lookup procedure (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: try harder to set a new memory.high (Johannes Weiner) [Orabug: 32119767] \n- mm/slub.c: clean up validate_slab() (Yu Zhao) [Orabug: 32119767] \n- Linux 5.4.83 (Greg Kroah-Hartman) \n- Revert geneve: pull IP header before ECN decapsulation (Jakub Kicinski) \n- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (Masami Hiramatsu) \n- netfilter: nftables_offload: set address type in control dissector (Pablo Neira Ayuso) \n- netfilter: nf_tables: avoid false-postive lockdep splat (Florian Westphal) \n- Input: i8042 - fix error return code in i8042_setup_aux() (Luo Meng) \n- dm writecache: remove BUG() and fail gracefully instead (Mike Snitzer) \n- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (Zhihao Cheng) \n- rtw88: debug: Fix uninitialized memory in debugfs code (Dan Carpenter) \n- ASoC: wm_adsp: fix error return code in wm_adsp_load() (Luo Meng) \n- tipc: fix a deadlock when flushing scheduled work (Hoang Huu Le) \n- netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet) \n- gfs2: check for empty rgrp tree in gfs2_ri_update (Bob Peterson) \n- can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check (Oliver Hartkopp) \n- lib/syscall: fix syscall registers retrieval on 32-bit platforms (Willy Tarreau) {CVE-2020-28588}\n- tracing: Fix userstacktrace option for instances (Steven Rostedt (VMware)) \n- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (Suravee Suthikulpanit) \n- spi: bcm2835: Release the DMA channel if probe fails after dma_init (Peter Ujfalusi) \n- i2c: imx: Check for I2SR_IAL after every byte (Christian Eggers) \n- i2c: imx: Fix reset of I2SR_IAL flag (Christian Eggers) \n- speakup: Reject setting the speakup line discipline outside of speakup (Samuel Thibault) \n- mm/swapfile: do not sleep with a spin lock held (Qian Cai) \n- mm: list_lru: set shrinker map bit when child nr_items is not zero (Yang Shi) \n- coredump: fix core_pattern parse error (Menglong Dong) \n- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (Masami Hiramatsu) \n- dm: remove invalid sparse __acquires and __releases annotations (Mike Snitzer) \n- dm: fix bug with RCU locking in dm_blk_report_zones (Sergei Shtepa) \n- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (Laurent Vivier) \n- genirq/irqdomain: Add an irq_create_mapping_affinity() function (Laurent Vivier) \n- powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (Nicholas Piggin) \n- dm writecache: fix the maximum number of arguments (Mikulas Patocka) \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) \n- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (Chris Wilson) \n- thunderbolt: Fix use-after-free in remove_unplugged_switch() (Mika Westerberg) \n- i2c: imx: Dont generate STOP condition if arbitration has been lost (Christian Eggers) \n- cifs: fix potential use-after-free in cifs_echo_request() (Paulo Alcantara) \n- cifs: allow syscalls to be restarted in __smb_send_rqst() (Paulo Alcantara) \n- ftrace: Fix updating FTRACE_FL_TRAMP (Naveen N. Rao) \n- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (Takashi Iwai) \n- ALSA: hda/realtek - Add new codec supported for ALC897 (Kailang Yang) \n- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (Jian-Hong Pan) \n- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (Takashi Iwai) \n- ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (Takashi Iwai) \n- tty: Fix ->session locking (Jann Horn) \n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) \n- USB: serial: option: fix Quectel BG96 matching (Bjorn Mork) \n- USB: serial: option: add support for Thales Cinterion EXS82 (Giacinto Cifelli) \n- USB: serial: option: add Fibocom NL668 variants (Vincent Palatin) \n- USB: serial: ch341: sort device-id entries (Johan Hovold) \n- USB: serial: ch341: add new Product ID for CH341A (Jan-Niklas Burfeind) \n- USB: serial: kl5kusb105: fix memleak on open (Johan Hovold) \n- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (Vamsi Krishna Samavedam) \n- Partially revert bpf: Zero-fill re-used per-cpu map element (Sasha Levin) \n- pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) (Hans de Goede) \n- pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output (Hans de Goede) \n- Linux 5.4.82 (Greg Kroah-Hartman) \n- RDMA/i40iw: Address an mmap handler exploit in i40iw (Shiraz Saleem) \n- tracing: Remove WARN_ON in start_thread() (Vasily Averin) \n- Input: i8042 - add ByteSpeed touchpad to noloop table (Po-Hsu Lin) \n- Input: xpad - support Ardwiino Controllers (Sanjay Govind) \n- ALSA: usb-audio: US16x08: fix value count for level meters (Hector Martin) \n- net/mlx5: Fix wrong address reclaim when command interface is down (Eran Ben Elisha) \n- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (Yevgeny Kliteynik) \n- net/sched: act_mpls: ensure LSE is pullable before reading it (Davide Caratti) \n- net: openvswitch: ensure LSE is pullable before reading it (Davide Caratti) \n- net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl (Davide Caratti) \n- net: mvpp2: Fix error return code in mvpp2_open() (Wang Hai) \n- chelsio/chtls: fix a double free in chtls_setkey() (Dan Carpenter) \n- vxlan: fix error return code in __vxlan_dev_create() (Zhang Changzhong) \n- net: pasemi: fix error return code in pasemi_mac_open() (Zhang Changzhong) \n- cxgb3: fix error return code in t3_sge_alloc_qset() (Zhang Changzhong) \n- net/x25: prevent a couple of overflows (Dan Carpenter) \n- net: ip6_gre: set dev->hard_header_len when using header_ops (Antoine Tenart) \n- geneve: pull IP header before ECN decapsulation (Eric Dumazet) \n- inet_ecn: Fix endianness of checksum update when setting ECT(1) (Toke Hoiland-Jorgensen) \n- ibmvnic: Fix TX completion error handling (Thomas Falcon) \n- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (Thomas Falcon) \n- chelsio/chtls: fix panic during unload reload chtls (Vinay Kumar Yadav) \n- dt-bindings: net: correct interrupt flags in examples (Krzysztof Kozlowski) \n- ipv4: Fix tos mask in inet_rtm_getroute() (Guillaume Nault) \n- netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) \n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (Vincent Guittot) \n- ima: extend boot_aggregate with kernel measurements (Maurizio Drocco) \n- staging/octeon: fix up merge error (Randy Dunlap) \n- bonding: wait for sysfs kobject destruction before freeing struct slave (Jamie Iles) \n- usbnet: ipheth: fix connectivity with iOS 14 (Yves-Alexis Perez) \n- tun: honor IOCB_NOWAIT flag (Jens Axboe) \n- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (Alexander Duyck) \n- sock: set sk_err to ee_errno on dequeue from errq (Willem de Bruijn) \n- rose: Fix Null pointer dereference in rose_send_frame() (Anmol Karn) \n- net/tls: Protect from calling tls_dev_del for TLS RX twice (Maxim Mikityanskiy) \n- net/tls: missing received data after fast remote close (Vadim Fedorenko) \n- net/af_iucv: set correct sk_protocol for child sockets (Julian Wiedmann) \n- ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init (Wang Hai) \n- devlink: Hold rtnl lock while reading netdev attributes (Parav Pandit)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-03-31T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14381", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-28374", "CVE-2020-28588", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3347", "CVE-2021-3348", "CVE-2021-3444"], "modified": "2021-03-31T00:00:00", "id": "ELSA-2021-9140", "href": "http://linux.oracle.com/errata/ELSA-2021-9140.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:39:51", "description": "[4.18.0-348.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-348]\n- drm/nouveau/fifo/ga102: initialise chid on return from channel creation (Ben Skeggs) [1997878]\n- drm/nouveau/ga102-: support ttm buffer moves via copy engine (Ben Skeggs) [1997878]\n- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (Ben Skeggs) [1997878]\n- drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (Ben Skeggs) [1997878]\n- drm/nouveau/disp: power down unused DP links during init (Ben Skeggs) [1997878]\n- drm/nouveau: recognise GA107 (Ben Skeggs) [1997878]\n[4.18.0-347]\n- PCI: Mark TI C667X to avoid bus reset (Alex Williamson) [1975768]\n[4.18.0-346]\n- redhat: switch secureboot kernel image signing to release keys (Bruno Meneguele)\n- CI: handle RT branches in a single config (Veronika Kabatova)\n- CI: Fix RT check branch name (Veronika Kabatova)\n- CI: Drop private CI config (Veronika Kabatova)\n- CI: extend template use (Veronika Kabatova)\n- Revert 'Merge: mt7921e: enable new Mediatek wireless hardware' (Bruno Meneguele) [2009501]\n- megaraid_sas: fix concurrent access to ISR between IRQ polling and real interrupt (Tomas Henzl) [2009022]\n- scsi: megaraid_sas: mq_poll support (Tomas Henzl) [2009022]\n- [PATCH v2] scsi: qla2xxx: Suppress unnecessary log messages during login (Nilesh Javali) [1982186]\n- scsi: qla2xxx: Fix excessive messages during device logout (Nilesh Javali) [1982186]\n- PCI: pciehp: Ignore Link Down/Up caused by DPC (Myron Stowe) [1981741]\n- arm64: kpti: Fix 'kpti=off' when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Fix CONFIG_ARCH_RANDOM=n build (Mark Salter) [1979731]\n- redhat/configs: aarch64: add CONFIG_ARCH_RANDOM (Mark Salter) [1979731]\n- arm64: Implement archrandom.h for ARMv8.5-RNG (Mark Salter) [1979731]\n- arm64: kconfig: Fix alignment of E0PD help text (Mark Salter) [1979731]\n- arm64: Use register field helper in kaslr_requires_kpti() (Mark Salter) [1979731]\n- arm64: Simplify early check for broken TX1 when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Use a variable to store non-global mappings decision (Mark Salter) [1979731]\n- arm64: Dont use KPTI where we have E0PD (Mark Salter) [1979731]\n- arm64: Factor out checks for KASLR in KPTI code into separate function (Mark Salter) [1979731]\n- redhat/configs: Add CONFIG_ARM64_E0PD (Mark Salter) [1979731]\n- arm64: Add initial support for E0PD (Mark Salter) [1979731]\n- arm64: cpufeature: Export matrix and other features to userspace (Mark Salter) [1980098]\n- arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Rewrite bitfields that dont follow [e, s] (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Documents missing visible fields (Mark Salter) [1980098]\n- arm64: Introduce system_capabilities_finalized() marker (Mark Salter) [1980098]\n- arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: Document HWCAP_SB (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: sort the HWCAP{, 2} documentation by ascending value (Mark Salter) [1980098]\n- arm64: cpufeature: Treat ID_AA64ZFR0_EL1 as RAZ when SVE is not enabled (Mark Salter) [1980098]\n- arm64: cpufeature: Effectively expose FRINT capability to userspace (Mark Salter) [1980098]\n- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (Mark Salter) [1980098]\n- arm64: Expose FRINT capabilities to userspace (Mark Salter) [1980098]\n- arm64: Expose ARMv8.5 CondM capability to userspace (Mark Salter) [1980098]\n- docs: arm64: convert perf.txt to ReST format (Mark Salter) [1980098]\n- docs: arm64: convert docs to ReST and rename to .rst (Mark Salter) [1980098]\n- Documentation/arm64: HugeTLB page implementation (Mark Salter) [1980098]\n- Documentation/arm64/sve: Couple of improvements and typos (Mark Salter) [1980098]\n- arm64: cpufeature: Fix missing ZFR0 in __read_sysreg_by_encoding() (Mark Salter) [1980098]\n- arm64: Expose SVE2 features for userspace (Mark Salter) [1980098]\n- arm64: Advertise ARM64_HAS_DCPODP cpu feature (Mark Salter) [1980098]\n- arm64: add CVADP support to the cache maintenance helper (Mark Salter) [1980098]\n- arm64: Fix minor issues with the dcache_by_line_op macro (Mark Salter) [1980098]\n- arm64: Expose DC CVADP to userspace (Mark Salter) [1980098]\n- arm64: Handle trapped DC CVADP (Mark Salter) [1980098]\n- arm64: HWCAP: encapsulate elf_hwcap (Mark Salter) [1980098]\n- arm64: HWCAP: add support for AT_HWCAP2 (Mark Salter) [1980098]\n- x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Aristeu Rozanski) [1965331]\n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Aristeu Rozanski) [1965331]\n- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Aristeu Rozanski) [1965331]\n[4.18.0-345]\n- e1000e: Do not take care about recovery NVM checksum (Ken Cox) [1984558]\n- qrtr: disable CONFIG_QRTR for non x86_64 archs (inigo Huguet) [1999642]\n- ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() (Jeff Layton) [1989999]\n- ceph: fix dereference of null pointer cf (Jeff Layton) [1989999]\n- ceph: correctly handle releasing an embedded cap flush (Jeff Layton) [1989999]\n- ceph: take snap_empty_lock atomically with snaprealm refcount change (Jeff Layton) [1989999]\n- ceph: dont WARN if were still opening a session to an MDS (Jeff Layton) [1989999]\n- rbd: dont hold lock_rwsem while running_list is being drained (Jeff Layton) [1989999]\n- rbd: always kick acquire on 'acquired' and 'released' notifications (Jeff Layton) [1989999]\n- ceph: take reference to req->r_parent at point of assignment (Jeff Layton) [1989999]\n- ceph: eliminate ceph_async_iput() (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in ceph_flush_snaps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in try_flush_caps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex or snap_rwsem in ceph_check_caps (Jeff Layton) [1989999]\n- ceph: eliminate session->s_gen_ttl_lock (Jeff Layton) [1989999]\n- ceph: allow ceph_put_mds_session to take NULL or ERR_PTR (Jeff Layton) [1989999]\n- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (Jeff Layton) [1989999]\n- ceph: add some lockdep assertions around snaprealm handling (Jeff Layton) [1989999]\n- ceph: decoding error in ceph_update_snap_realm should return -EIO (Jeff Layton) [1989999]\n- ceph: add IO size metrics support (Jeff Layton) [1989999]\n- ceph: update and rename __update_latency helper to __update_stdev (Jeff Layton) [1989999]\n- ceph: simplify the metrics struct (Jeff Layton) [1989999]\n- libceph: fix doc warnings in cls_lock_client.c (Jeff Layton) [1989999]\n- libceph: remove unnecessary ret variable in ceph_auth_init() (Jeff Layton) [1989999]\n- libceph: kill ceph_none_authorizer::reply_buf (Jeff Layton) [1989999]\n- ceph: make ceph_queue_cap_snap static (Jeff Layton) [1989999]\n- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) [1989999]\n- libceph: set global_id as soon as we get an auth ticket (Jeff Layton) [1989999]\n- libceph: dont pass result into ac->ops->handle_reply() (Jeff Layton) [1989999]\n- ceph: fix error handling in ceph_atomic_open and ceph_lookup (Jeff Layton) [1989999]\n- ceph: must hold snap_rwsem when filling inode for async create (Jeff Layton) [1989999]\n- libceph: Fix spelling mistakes (Jeff Layton) [1989999]\n- libceph: dont set global_id until we get an auth ticket (Jeff Layton) [1989999]\n- libceph: bump CephXAuthenticate encoding version (Jeff Layton) [1989999]\n- ceph: dont allow access to MDS-private inodes (Jeff Layton) [1989999]\n- ceph: fix up some bare fetches of i_size (Jeff Layton) [1989999]\n- ceph: support getting ceph.dir.rsnaps vxattr (Jeff Layton) [1989999]\n- ceph: drop pinned_page parameter from ceph_get_caps (Jeff Layton) [1989999]\n- ceph: fix inode leak on getattr error in __fh_to_dentry (Jeff Layton) [1989999]\n- ceph: only check pool permissions for regular files (Jeff Layton) [1989999]\n- ceph: send opened files/pinned caps/opened inodes metrics to MDS daemon (Jeff Layton) [1989999]\n- ceph: avoid counting the same request twice or more (Jeff Layton) [1989999]\n- ceph: rename the metric helpers (Jeff Layton) [1989999]\n- ceph: fix kerneldoc copypasta over ceph_start_io_direct (Jeff Layton) [1989999]\n- ceph: dont use d_add in ceph_handle_snapdir (Jeff Layton) [1989999]\n- ceph: dont clobber i_snap_caps on non-I_NEW inode (Jeff Layton) [1989999]\n- ceph: fix fall-through warnings for Clang (Jeff Layton) [1989999]\n- net: ceph: Fix a typo in osdmap.c (Jeff Layton) [1989999]\n- ceph: dont allow type or device number to change on non-I_NEW inodes (Jeff Layton) [1989999]\n- ceph: defer flushing the capsnap if the Fb is used (Jeff Layton) [1989999]\n- ceph: allow queueing cap/snap handling after putting cap references (Jeff Layton) [1989999]\n- ceph: clean up inode work queueing (Jeff Layton) [1989999]\n- ceph: fix flush_snap logic after putting caps (Jeff Layton) [1989999]\n- libceph: fix 'Boolean result is used in bitwise operation' warning (Jeff Layton) [1989999]\n- new helper: inode_wrong_type() (Jeff Layton) [1989999]\n- kabi: Adding symbol single_release (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol single_open (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_read (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_printf (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_lseek (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol unregister_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_init (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_del (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_alloc (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_add (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol alloc_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol pcie_capability_read_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_read_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_clear_and_set_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_set_power_state (drivers/pci/pci.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_irq_vector (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_get_device (drivers/pci/search.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_free_irq_vectors (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_alloc_irq_vectors_affinity (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol kexec_crash_loaded (kernel/kexec_core.c) (cestmir Kalina) [1945491]\n[4.18.0-344]\n- perf/x86/intel: Fix PEBS-via-PT reload base value for Extended PEBS (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Fix Add BW copypasta (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Add BW counters for GT, IA and IO breakdown (Michael Petlan) [1998051]\n- Revert 'ice: Add initial support framework for LAG' (Michal Schmidt) [1999016]\n- net: re-initialize slow_gro flag at gro_list_prepare time (Paolo Abeni) [2002367]\n- cxgb4: dont touch blocked freelist bitmap after free (Rahul Lakkireddy) [1998148]\n- cxgb4vf: configure ports accessible by the VF (Rahul Lakkireddy) [1961329]\n- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (Dick Kennedy) [1976332]\n- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (Dick Kennedy) [1976332]\n- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Dick Kennedy) [1976332]\n[4.18.0-343]\n- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [1997500]\n- mt76: connac: do not schedule mac_work if the device is not running (Inigo Huguet) [1956419 1972045]\n- mt7921e: enable module in config (Inigo Huguet) [1956419 1972045]\n- Revert tools/power/cpupower: Read energy_perf_bias from sysfs (Steve Best) [1999926]\n- libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (Jeff Moyer) [1795719]\n- libnvdimm/pfn_dev: Dont clear device memmap area during generic namespace probe (Jeff Moyer) [1795719]\n- perf/x86/intel/uncore: Clean up error handling path of iio mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix for iio mapping on Skylake Server (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MMIO type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the PCI type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Rename uncore_notifier to uncore_pci_sub_notifier (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MSR type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Parse uncore discovery tables (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to IIO PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Wrap the max dies calculation into an accessor (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Validate MMIO address before accessing (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Record the size of mapped area (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (Michael Petlan) [1837330]\n- crypto: qat - remove unused macro in FW loader (Vladis Dronov) [1920086]\n- crypto: qat - check return code of qat_hal_rd_rel_reg() (Vladis Dronov) [1920086]\n- crypto: qat - report an error if MMP file size is too large (Vladis Dronov) [1920086]\n- crypto: qat - check MMP size before writing to the SRAM (Vladis Dronov) [1920086]\n- crypto: qat - return error when failing to map FW (Vladis Dronov) [1920086]\n- crypto: qat - enable detection of accelerators hang (Vladis Dronov) [1920086]\n- crypto: qat - Fix a double free in adf_create_ring (Vladis Dronov) [1920086]\n- crypto: qat - fix error path in adf_isr_resource_alloc() (Vladis Dronov) [1920086]\n- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (Vladis Dronov) [1920086]\n- crypto: qat - dont release uninitialized resources (Vladis Dronov) [1920086]\n- crypto: qat - fix use of 'dma_map_single' (Vladis Dronov) [1920086]\n- crypto: qat - fix unmap invalid dma address (Vladis Dronov) [1920086]\n- crypto: qat - fix spelling mistake: 'messge' -> 'message' (Vladis Dronov) [1920086]\n- crypto: qat - reduce size of mapped region (Vladis Dronov) [1920086]\n- crypto: qat - change format string and cast ring size (Vladis Dronov) [1920086]\n- crypto: qat - fix potential spectre issue (Vladis Dronov) [1920086]\n- crypto: qat - configure arbiter mapping based on engines enabled (Vladis Dronov) [1920086]\n[4.18.0-342]\n- selftest: netfilter: add test case for unreplied tcp connections (Florian Westphal) [1991523]\n- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [1991523]\n- net/sched: store the last executed chain also for clsact egress (Davide Caratti) [1980537]\n- ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [1999743]\n- perf evsel: Add missing cloning of evsel->use_config_name (Michael Petlan) [1838635]\n- perf Documentation: Document intel-hybrid support (Michael Petlan) [1838635]\n- perf tests: Skip 'perf stat metrics (shadow stat) test' for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Convert perf time to TSC' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Session topology' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Parse and process metrics' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Track with sched_switch' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Skip 'Setup struct perf_event_attr' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Roundtrip evsel->name' test (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Parse event definition strings' test (Michael Petlan) [1838635]\n- perf record: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf stat: Warn group events from different hybrid PMU (Michael Petlan) [1838635]\n- perf stat: Filter out unmatched aggregation for hybrid event (Michael Petlan) [1838635]\n- perf stat: Add default hybrid events (Michael Petlan) [1838635]\n- perf record: Create two hybrid 'cycles' events by default (Michael Petlan) [1838635]\n- perf parse-events: Support event inside hybrid pmu (Michael Petlan) [1838635]\n- perf parse-events: Compare with hybrid pmu name (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid raw events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid cache events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid hardware events (Michael Petlan) [1838635]\n- perf stat: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf pmu: Add hybrid helper functions (Michael Petlan) [1838635]\n- perf pmu: Save detected hybrid pmus to a global pmu list (Michael Petlan) [1838635]\n- perf pmu: Save pmu name (Michael Petlan) [1838635]\n- perf pmu: Simplify arguments of __perf_pmu__new_alias (Michael Petlan) [1838635]\n- perf jevents: Support unit value 'cpu_core' and 'cpu_atom' (Michael Petlan) [1838635]\n- tools headers uapi: Update toolss copy of linux/perf_event.h (Michael Petlan) [1838635]\n[4.18.0-341]\n- mptcp: Only send extra TCP acks in eligible socket states (Paolo Abeni) [1997178]\n- mptcp: fix possible divide by zero (Paolo Abeni) [1997178]\n- mptcp: drop tx skb cache (Paolo Abeni) [1997178]\n- mptcp: fix memory leak on address flush (Paolo Abeni) [1997178]\n- ice: Only lock to update netdev dev_addr (Michal Schmidt) [1995868]\n- ice: restart periodic outputs around time changes (Ken Cox) [1992750]\n- ice: Fix perout start time rounding (Ken Cox) [1992750]\n- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (Davide Caratti) [1981184]\n- ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [1993131] {CVE-2021-3732}\n- gfs2: Dont call dlm after protocol is unmounted (Bob Peterson) [1997193]\n- gfs2: dont stop reads while withdraw in progress (Bob Peterson) [1997193]\n- gfs2: Mark journal inodes as 'dont cache' (Bob Peterson) [1997193]\n- bpf: bpftool: Add -fno-asynchronous-unwind-tables to BPF Clang invocation (Yauheni Kaliuta) [1997124]\n- perf/x86/intel: Apply mid ACK for small core (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Zero the xstate buffer on allocation (Michael Petlan) [1838573]\n- perf: Fix task context PMU for Hetero (Michael Petlan) [1838573]\n- perf/x86/intel: Fix fixed counter check warning for some Alder Lake (Michael Petlan) [1838573]\n- perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context (Michael Petlan) [1838573]\n- x86/fpu/xstate: Fix an xstate size check warning with architectural LBRs (Michael Petlan) [1838573]\n- perf/x86/rapl: Add support for Intel Alder Lake (Michael Petlan) [1838573]\n- perf/x86/cstate: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/msr: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/intel/uncore: Add Alder Lake support (Michael Petlan) [1838573]\n- perf: Extend PERF_TYPE_HARDWARE and PERF_TYPE_HW_CACHE (Michael Petlan) [1838573]\n- perf/x86/intel: Add Alder Lake Hybrid support (Michael Petlan) [1838573]\n- perf/x86: Support filter_match callback (Michael Petlan) [1838573]\n- perf/x86/intel: Add attr_update for Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Add structures for the attributes of Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Register hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Factor out x86_pmu_show_pmu_cap (Michael Petlan) [1838573]\n- perf/x86: Remove temporary pmu assignment in event_init (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_extra_regs (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_event_constraints (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_num_counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for extra_regs (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for event constraints (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for hardware cache event (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for unconstrained (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for intel_ctrl (Michael Petlan) [1838573]\n- perf/x86/intel: Hybrid PMU support for perf capabilities (Michael Petlan) [1838573]\n- perf/x86: Track pmu in per-CPU cpu_hw_events (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES for arch LBR read (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES/XRSTORS for LBR context switch (Michael Petlan) [1838573]\n- x86/fpu/xstate: Add helpers for LBR dynamic supervisor feature (Michael Petlan) [1838573]\n- x86/fpu/xstate: Support dynamic supervisor feature for LBR (Michael Petlan) [1838573]\n- x86/fpu: Use proper mask to replace full instruction mask (Michael Petlan) [1838573]\n- x86/cpu: Add helper function to get the type of the current hybrid CPU (Michael Petlan) [1838573]\n- x86/cpufeatures: Enumerate Intel Hybrid Technology feature bit (Michael Petlan) [1838573]\n- HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974942]\n- ACPI: PM: s2idle: Invert Microsoft UUID entry and exit (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix undefined reference to __udivdi3 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix missing unlock on error in amd_pmc_send_cmd() (David Arcari) [1960440]\n- platform/x86: amd-pmc: Use return code on suspend (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add new acpi id for future PMC controllers (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for ACPI ID AMDI0006 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging s0ix counters (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging SMU metrics (David Arcari) [1960440]\n- platform/x86: amd-pmc: call dump registers only once (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix SMU firmware reporting mechanism (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix command completion code (David Arcari) [1960440]\n- usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoir (David Arcari) [1960440]\n- ACPI: PM: Only mark EC GPE for wakeup on Intel systems (David Arcari) [1960440]\n- ACPI: PM: Adjust behavior for field problems on AMD systems (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for new Microsoft UUID (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for multiple func mask (David Arcari) [1960440]\n- ACPI: PM: s2idle: Refactor common code (David Arcari) [1960440]\n- ACPI: PM: s2idle: Use correct revision id (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add missing LPS0 functions for AMD (David Arcari) [1960440]\n- lockd: Fix invalid lockowner cast after vfs_test_lock (Benjamin Coddington) [1986138]\n[4.18.0-340]\n- blk-mq: fix is_flush_rq (Ming Lei) [1992700]\n- blk-mq: fix kernel panic during iterating over flush request (Ming Lei) [1992700]\n[4.18.0-339]\n- smb2: fix use-after-free in smb2_ioctl_query_info() (Ronnie Sahlberg) [1952781]\n- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (Mike Snitzer) [1996854]\n- md/raid10: Remove rcu_dereference when it doesnt need rcu lock to protect (Nigel Croxon) [1978115]\n- scsi: csiostor: Mark known unused variable as __always_unused (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (Raju Rangoju) [1961333]\n- scsi: csiostor: Remove set but not used variable 'rln' (Raju Rangoju) [1961333]\n- scsi: csiostor: Return value not required for csio_dfs_destroy (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix NULL check before debugfs_remove_recursive (Raju Rangoju) [1961333]\n- scsi: csiostor: Dont enable IRQs too early (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix spelling typos (Raju Rangoju) [1961333]\n- scsi: csiostor: Prefer pcie_capability_read_word() (Raju Rangoju) [1961333]\n- scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() (Raju Rangoju) [1961394]\n- net: Use skb_frag_off accessors (Raju Rangoju) [1961394]\n- net: Use skb accessors in network drivers (Raju Rangoju) [1961394]\n- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Use kvzalloc instead of opencoded kzalloc/vzalloc (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Remove unnecessary NULL checks for 'tdata' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove an unnecessary NULL check for 'cconn' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Clean up a debug printk (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix dereference of pointer tdata before it is null checked (Raju Rangoju) [1961394]\n- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: remove unused function to stop warning (Raju Rangoju) [1961394]\n- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (Raju Rangoju) [1961394]\n- net/chelsio: Delete drive and module versions (Raju Rangoju) [1961394]\n- chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1961394]\n- [netdrv] treewide: prefix header search paths with / (Raju Rangoju) [1961394]\n- libcxgb: fix incorrect ppmax calculation (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix TLS dependency (Raju Rangoju) [1961394]\n- [target] treewide: Use fallthrough pseudo-keyword (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Add support for iSCSI segmentation offload (Raju Rangoju) [1961394]\n- [target] treewide: Use sizeof_field() macro (Raju Rangoju) [1961394]\n- [target] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove superfluous null check (Raju Rangoju) [1961394]\n[4.18.0-338]\n- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}\n- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}\n- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]\n- drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]\n- drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]\n- drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]\n- drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]\n- drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]\n- drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]\n- drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]\n- drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]\n[4.18.0-337]\n- net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]\n- openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]\n- openvswitch: fix alignment issues (Mark Gray) [1992773]\n- openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]\n- openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]\n- KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]\n- KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]\n- scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]\n- scsi: libfc: FDMI enhancements (Chris Leech) [1972643]\n- scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]\n- scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]\n- scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]\n- scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]\n- scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]\n- scsi: fc: FDMI enhancement (Chris Leech) [1972643]\n- scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]\n- scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]\n- block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]\n- x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]\n- x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]\n- x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]\n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]\n- x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]\n- selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]\n- Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]\n- drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]\n- drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]\n- drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]\n- drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]\n- drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]\n- radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]\n- drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]\n- drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]\n- drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]\n- drm/amd/display: Allow bandwidth validation for 0 streams. (Lyude Paul) [1944405]\n- drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]\n- drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]\n- drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]\n- drm/amdgpu: Dont query CE and UE errors (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]\n- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]\n- drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]\n- drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]\n- drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]\n- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]\n- drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]\n- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]\n- dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]\n- drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: update gc golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]\n- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]\n- drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]\n- drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]\n- drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]\n- drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]\n- drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]\n- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]\n- drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]\n- drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]\n- drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]\n- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]\n- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]\n- drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]\n- drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]\n- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]\n- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]\n- drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]\n- drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]\n- drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]\n- drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]\n- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]\n- drm/amd/display: Force vsync flip when reconfiguring MPCC (Lyude Paul) [1944405]\n- arm64: enable tlbi range instructions (Jeremy Linton) [1861872]\n- arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]\n- arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]\n- arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]\n- arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]\n- arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]\n- arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]\n[4.18.0-336]\n- bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]\n- bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]\n- bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]\n- bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]\n- bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]\n- bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]\n- bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]\n- bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]\n- bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]\n- bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]\n- bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]\n- bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]\n- xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]\n- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]\n- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]\n- bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]\n- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]\n- selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]\n- bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]\n- ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]\n- ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]\n- ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]\n- bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]\n- bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]\n- mt76: validate rx A-MSDU subframes (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath11k: Drop multicast fragments (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath11k: Clear the fragment cache during key install (Inigo Huguet) [1991459] {CVE-2020-24587}\n- ath10k: Validate first subframe of A-MSDU before processing the list (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath10k: Fix TKIP Michael MIC verification for PCIe (Inigo Huguet) [1991459] {CVE-2020-26141}\n- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Inigo Huguet) [1991459] {CVE-2020-24588}\n- ath10k: drop fragments with multicast DA for SDIO (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: drop fragments with multicast DA for PCIe (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Inigo Huguet) [1991459]\n- mac80211: extend protection against mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Inigo Huguet) [1991459] {CVE-2020-26139}\n- mac80211: prevent attacks on TKIP/WEP as well (Inigo Huguet) [1991459] {CVE-2020-26141}\n- mac80211: check defrag PN against current frame (Inigo Huguet) [1991459]\n- mac80211: add fragment cache to sta_info (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: drop A-MSDUs on old ciphers (Inigo Huguet) [1991459] {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Inigo Huguet) [1991459]\n- mac80211: prevent mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: assure all fragments are encrypted (Inigo Huguet) [1991459] {CVE-2020-26147}\n- tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]\n- mptcp: remove tech preview warning (Florian Westphal) [1985120]\n- tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]\n- selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]\n- selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]\n- selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]\n- mptcp: properly account bulk freed memory (Florian Westphal) [1985120]\n- mptcp: fix 'masking a bool' warning (Florian Westphal) [1985120]\n- mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]\n- mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]\n- mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]\n- mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]\n- mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]\n- mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]\n- mptcp: avoid race on msk state changes (Florian Westphal) [1985120]\n- mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]\n- mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]\n- tcp: parse mptcp options contained in reset packets (Florian Westphal) [1985120]\n- ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]\n- ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]\n- ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]\n- ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]\n- ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]\n- dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add engine 'struct device' missing bus type assignment (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]\n- dmagenine: idxd: Dont add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]\n- ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]\n- net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]\n- net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]\n- net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]\n- net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]\n- net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]\n- tun: fix memory leak in error path (Andrea Claudi) [1859038]\n- net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]\n- net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]\n- net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]\n- configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]\n- cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]\n- ch_ktls: Remove redundant variable result (Raju Rangoju) [1961374]\n- ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]\n- ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]\n- ch_ktls: fix device connection close (Raju Rangoju) [1961374]\n- ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]\n- ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]\n- net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]\n- ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]\n- ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]\n- ch_ktls: lock is not freed (Raju Rangoju) [1961374]\n- ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]\n- ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]\n- ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]\n- ch_ktls: dont free skb before sending FIN (Raju Rangoju) [1961374]\n- ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]\n- ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]\n- ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]\n- ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]\n- ch_ktls: Update cheksum information (Raju Rangoju) [1961374]\n- ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]\n- cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]\n- cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]\n- ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]\n- chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]\n- chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]\n- crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]\n- crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]\n- cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]\n- crypto/chcr: Moving chelsios inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]\n- chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]\n- crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]\n- crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]\n- crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]\n- crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]\n- crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]\n- [Crypto] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961368]\n- Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]\n- Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]\n- crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]\n- crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]\n- Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]\n- crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]\n- chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]\n- crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]\n- crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]\n- crypto: chelsio - Remove VLA usage of skcipher (Raju Rangoju) [1961368]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4356", "href": "http://linux.oracle.com/errata/ELSA-2021-4356.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2023-04-18T06:55:09", "description": "Linux kernel is vulnerable to arbitrary code execution. Due to a flaw in `mwifiex_cmd_802_11_ad_hoc_start` in `drivers/net/wireless/marvell/mwifiex/join.c` in the Linux kernel, it allows remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-18T22:34:53", "type": "veracode", "title": "Arbitrary Code Execution ", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2022-10-07T06:25:30", "id": "VERACODE:29755", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29755/summary", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2023-12-06T21:28:06", "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-14T01:41:15", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-headers-5.10.6-200.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-01-14T01:41:15", "id": "FEDORA:CFDB130AD501", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2UNVLDW2IS4N3JNM2CEZMF3M7J3DHSFX/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T21:28:06", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-14T01:41:15", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.10.6-200.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-01-14T01:41:15", "id": "FEDORA:6AE7B30A9BBD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HCHBIRS27VMOGMBHPWP2R7SZRFXT6O6U/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-07T14:12:49", "description": "mwifiex_cmd_802_11_ad_hoc_start in\ndrivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n5.10.4 might allow remote attackers to execute arbitrary code via a long\nSSID value, aka CID-5c455c5ab332.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-05T00:00:00", "type": "ubuntucve", "title": "CVE-2020-36158", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-01-05T00:00:00", "id": "UB:CVE-2020-36158", "href": "https://ubuntu.com/security/CVE-2020-36158", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-09-15T15:00:28", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2021-1.0-0354", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0354_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/145231", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0354. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145231);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\"CVE-2020-36158\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2021-1.0-0354\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-354.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'linux-api-headers-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-dev-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-docs-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-devel-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-docs-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-oprofile-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-sound-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-tools-4.4.250-1.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:02:22", "description": "The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-3465ada1ca advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "Fedora 33 : kernel / kernel-headers (2021-3465ada1ca)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2021-3465ADA1CA.NASL", "href": "https://www.tenable.com/plugins/nessus/144966", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-3465ada1ca\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144966);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-36158\");\n script_xref(name:\"FEDORA\", value:\"2021-3465ada1ca\");\n\n script_name(english:\"Fedora 33 : kernel / kernel-headers (2021-3465ada1ca)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-3465ada1ca advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-3465ada1ca\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel and / or kernel-headers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-36158');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-3465ada1ca');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.10.6-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.10.6-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-headers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:52", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9041 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nThis advisory was deprecated by OracleLinux. See related links.", "cvss3": {}, "published": "2021-02-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9041) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-02-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9041.NASL", "href": "https://www.tenable.com/plugins/nessus/146305", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2021/02/11. Retracted by vendor. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146305);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/11\");\n\n script_cve_id(\"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9041) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9041 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\n\nThis advisory was deprecated by OracleLinux. See related links.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9041.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2021-February/010841.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. The advisory was retracted by the vendor.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:10:32", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9040 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9040.NASL", "href": "https://www.tenable.com/plugins/nessus/146304", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9040.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146304);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9040)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9040 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9040.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.54.1.el6uek', '3.8.13-118.54.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9040');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.54.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.54.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.54.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.54.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.54.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.54.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.54.1.el6uek / dtrace-modules-3.8.13-118.54.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:00:31", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2021-01-26T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2021-2.0-0314", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-36158"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0314_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/145459", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0314. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145459);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-36158\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2021-2.0-0314\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-314.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', reference:'linux-api-headers-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-sound-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-oprofile-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-sound-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-tools-4.9.252-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:15:45", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4879-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158", "CVE-2021-20194"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-lowlatency"], "id": "UBUNTU_USN-4879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147974", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4879-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147974);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2020-36158\", \"CVE-2021-20194\");\n script_xref(name:\"USN\", value:\"4879-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4879-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4879-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20194\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.8.0': {\n 'generic': '5.8.0-45',\n 'generic-64k': '5.8.0-45',\n 'generic-lpae': '5.8.0-45',\n 'lowlatency': '5.8.0-45'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4879-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-36158', 'CVE-2021-20194');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4879-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:51:47", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4877-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4877-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158", "CVE-2021-3178"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1013-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1080-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1095-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-lowlatency"], "id": "UBUNTU_USN-4877-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147992", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4877-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147992);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2020-36158\", \"CVE-2021-3178\");\n script_xref(name:\"USN\", value:\"4877-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4877-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4877-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4877-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1013-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1080-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1095-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-137',\n 'generic-lpae': '4.15.0-137',\n 'lowlatency': '4.15.0-137',\n 'oracle': '4.15.0-1066',\n 'gcp': '4.15.0-1094',\n 'aws': '4.15.0-1095',\n 'azure': '4.15.0-1109'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-137',\n 'generic-lpae': '4.15.0-137',\n 'lowlatency': '4.15.0-137',\n 'dell300x': '4.15.0-1013',\n 'oracle': '4.15.0-1066',\n 'raspi2': '4.15.0-1080',\n 'kvm': '4.15.0-1086',\n 'gcp': '4.15.0-1094',\n 'aws': '4.15.0-1095',\n 'snapdragon': '4.15.0-1097',\n 'azure': '4.15.0-1109'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4877-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-36158', 'CVE-2021-3178');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4877-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:15:44", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4876-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4876-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29569", "CVE-2020-36158", "CVE-2021-3178"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1089-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1123-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1151-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc64-smp"], "id": "UBUNTU_USN-4876-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148001", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4876-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148001);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2020-29569\", \"CVE-2020-36158\", \"CVE-2021-3178\");\n script_xref(name:\"USN\", value:\"4876-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4876-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4876-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4876-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1089-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1123-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1151-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-powerpc64-smp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-204',\n 'generic-lpae': '4.4.0-204',\n 'lowlatency': '4.4.0-204',\n 'powerpc-e500mc': '4.4.0-204',\n 'powerpc-smp': '4.4.0-204',\n 'powerpc64-emb': '4.4.0-204',\n 'powerpc64-smp': '4.4.0-204',\n 'kvm': '4.4.0-1089',\n 'aws': '4.4.0-1123',\n 'raspi2': '4.4.0-1147',\n 'snapdragon': '4.4.0-1151'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4876-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-29569', 'CVE-2020-36158', 'CVE-2021-3178');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4876-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:09:32", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9043 advisory.\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2021-9043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28915", "CVE-2020-28974", "CVE-2020-36158"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9043.NASL", "href": "https://www.tenable.com/plugins/nessus/146352", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9043.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146352);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2020-28915\", \"CVE-2020-28974\", \"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2021-9043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9043 advisory.\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9043.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.330.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9043');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.330.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.330.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:21:08", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9039 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9039.NASL", "href": "https://www.tenable.com/plugins/nessus/146299", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9039.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146299);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-29660\", \"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9039 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9039.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2025.405.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:08:13", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9035 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9035.NASL", "href": "https://www.tenable.com/plugins/nessus/146300", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9035.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146300);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-29660\", \"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9035 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9035.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2025.405.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9035');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2025.405.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:51:47", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4878-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4878-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158", "CVE-2021-20239", "CVE-2021-3178", "CVE-2021-3347"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1011-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1041-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-lowlatency"], "id": "UBUNTU_USN-4878-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148003", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4878-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148003);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3347\",\n \"CVE-2021-20239\"\n );\n script_xref(name:\"USN\", value:\"4878-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4878-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4878-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4878-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1011-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1041-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-67',\n 'generic-lpae': '5.4.0-67',\n 'lowlatency': '5.4.0-67',\n 'gkeop': '5.4.0-1011',\n 'raspi': '5.4.0-1030',\n 'gke': '5.4.0-1037',\n 'gcp': '5.4.0-1038',\n 'oracle': '5.4.0-1039',\n 'azure': '5.4.0-1041'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-67',\n 'generic-lpae': '5.4.0-67',\n 'lowlatency': '5.4.0-67',\n 'gkeop': '5.4.0-1011',\n 'raspi': '5.4.0-1030',\n 'kvm': '5.4.0-1034',\n 'gcp': '5.4.0-1038',\n 'oracle': '5.4.0-1039',\n 'azure': '5.4.0-1041'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4878-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-36158', 'CVE-2021-3178', 'CVE-2021-3347', 'CVE-2021-20239');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4878-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:59", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out.\n This only affects systems with a Linux blkback.(CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1246.NASL", "href": "https://www.tenable.com/plugins/nessus/146217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146217);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - An issue was discovered in Xen through 4.14.x. Some\n OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the\n events are received faster than the thread is able to\n handle, they will get queued. As the queue is\n unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD\n (any version) dom0 are vulnerable.(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through\n 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread\n handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the\n frontend quickly toggles between the states connect and\n disconnect. As a consequence, the block backend may\n re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out.\n This only affects systems with a Linux\n blkback.(CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1246\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7744bf0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:08:10", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9030 advisory.\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9030.NASL", "href": "https://www.tenable.com/plugins/nessus/146096", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9030.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146096);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12653\",\n \"CVE-2020-27786\",\n \"CVE-2020-29568\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0077-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9030 advisory.\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9030.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.47.3.el6uek', '4.1.12-124.47.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9030');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.47.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.47.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.47.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.47.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:10:32", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. (CVE-2021-0342)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is not intended to prevent this attack see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-28374", "CVE-2020-36158", "CVE-2021-0342", "CVE-2021-3178"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1265.NASL", "href": "https://www.tenable.com/plugins/nessus/146261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146261);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-28374\",\n \"CVE-2020-36158\",\n \"CVE-2021-0342\",\n \"CVE-2021-3178\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1265)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - In tun_get_user of tun.c, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges required. User interaction is not required\n for exploitation. (CVE-2021-0342)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability. (CVE-2020-14351)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,\n when there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1265\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?113ac543\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h340.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:16:35", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9038 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9038.NASL", "href": "https://www.tenable.com/plugins/nessus/148550", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9038.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148550);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2021-20177\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0077-S\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9038 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged\n user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the\n system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9038.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.103.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.103.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.103.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.103.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:15:45", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9037 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9037.NASL", "href": "https://www.tenable.com/plugins/nessus/148549", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9037.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148549);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2021-20177\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0077-S\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9037 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged\n user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the\n system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9037.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2036.103.3.el7uek', '5.4.17-2036.103.3.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9037');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.103.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.103.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:08:11", "description": "This update for the Linux Kernel 4.4.180-94_121 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032.\n\nCVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0465", "CVE-2020-0466", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_138-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_141-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_146-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0408-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0408-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146401);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_121 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180562).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180030).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032.\n\nCVE-2020-29569: Fixed a use after free due to a logic error\n(bsc#1180008).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bsc#1179877).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179877).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210408-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de7ce351\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-404=1\nSUSE-SLE-SAP-12-SP3-2021-405=1 SUSE-SLE-SAP-12-SP3-2021-406=1\nSUSE-SLE-SAP-12-SP3-2021-407=1 SUSE-SLE-SAP-12-SP3-2021-408=1\nSUSE-SLE-SAP-12-SP3-2021-409=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-410=1\nSUSE-SLE-SAP-12-SP2-2021-411=1 SUSE-SLE-SAP-12-SP2-2021-412=1\nSUSE-SLE-SAP-12-SP2-2021-413=1 SUSE-SLE-SAP-12-SP2-2021-414=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-404=1\nSUSE-SLE-SERVER-12-SP3-2021-405=1 SUSE-SLE-SERVER-12-SP3-2021-406=1\nSUSE-SLE-SERVER-12-SP3-2021-407=1 SUSE-SLE-SERVER-12-SP3-2021-408=1\nSUSE-SLE-SERVER-12-SP3-2021-409=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-410=1\nSUSE-SLE-SERVER-12-SP2-2021-411=1 SUSE-SLE-SERVER-12-SP2-2021-412=1\nSUSE-SLE-SERVER-12-SP2-2021-413=1 SUSE-SLE-SERVER-12-SP2-2021-414=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_138-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_141-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_146-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_116-default-7-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_116-default-debuginfo-7-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-debuginfo-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_124-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_124-default-debuginfo-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_127-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_127-default-debuginfo-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_130-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_130-default-debuginfo-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_135-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_135-default-debuginfo-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_129-default-8-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_135-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_138-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_141-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_146-default-3-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:10:30", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2021-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2021-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/146248", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2021-0005.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146248);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12653\",\n \"CVE-2020-27786\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2021-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-12653.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-27786.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-29568.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-29660.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36158.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2021-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.47.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2021-0005');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:09:25", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).\n\nCVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required.\n(bnc#1180812)\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-36158: Fixed an issue wich might have allowed a remote attackers to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).\n\nCVE-2020-28374: Fixed a vulnerability caused by insufficient identifier checking in the LIO SCSI target code. This could have been used by a remote attackers to read or write files via directory traversal in an XCOPY request (bnc#1178372).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25639", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158", "CVE-2021-0342", "CVE-2021-20177", "CVE-2021-3347"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0348-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0348-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146362);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-25639\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-36158\",\n \"CVE-2021-0342\",\n \"CVE-2021-3347\",\n \"CVE-2021-20177\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2021-20177: Fixed a kernel panic related to iptables string\nmatching rules. A privileged user could insert a rule which could lead\nto denial of service (bnc#1180765).\n\nCVE-2021-0342: In tun_get_user of tun.c, there is possible memory\ncorruption due to a use after free. This could lead to local\nescalation of privilege with System execution privileges required.\n(bnc#1180812)\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl\n(bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-36158: Fixed an issue wich might have allowed a remote\nattackers to execute arbitrary code via a long SSID value in\nmwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).\n\nCVE-2020-28374: Fixed a vulnerability caused by insufficient\nidentifier checking in the LIO SCSI target code. This could have been\nused by a remote attackers to read or write files via directory\ntraversal in an XCOPY request (bnc#1178372).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=901327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0342/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20177/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210348-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00638af0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-348=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:00:26", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27825", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0095-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144908);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27825\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210095-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?283ed3db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2021-95=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-06T17:12:29", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.(CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.(CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.(CVE-2021-27364)\n\n - Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ('ovl: stack file ops'). This was fixed in kernel version 5.8 by commits 56230d9 ('ovl: verify permissions in ovl_path_open()'), 48bd024 ('ovl: switch to mounter creds in readdir') and 05acefb ('ovl: check permission to open real file'). Additionally, commits 130fdbc ('ovl: pass correct flags for opening real directory') and 292f902 ('ovl: call secutiry hook in ovl_real_ioctl()') in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ('ovl: do not fail because of O_NOATIMEi') in kernel 5.11.(CVE-2020-16120)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system.(CVE-2021-20177)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is not intended to prevent this attack see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.(CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.(CVE-2021-3347)\n\n - A flaw was found in the Linux kernel. The marvell wifi driver could allow a local attacker to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called.(CVE-2020-28374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16120", "CVE-2020-28374", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3178", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1715.NASL", "href": "https://www.tenable.com/plugins/nessus/148634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148634);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-16120\",\n \"CVE-2020-28374\",\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\",\n \"CVE-2021-20177\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an\n iSCSI transport is registered with the iSCSI subsystem,\n the transport's handle is available to unprivileged\n users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When\n read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which\n leaks the handle. This handle is actually the pointer\n to an iscsi_transport struct in the kernel module's\n global variables.(CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can\n exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI,\n and has a length up to the maximum length of a Netlink\n message.(CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged\n user to craft Netlink messages.(CVE-2021-27364)\n\n - Overlayfs did not properly perform permission checking\n when copying up files in an overlayfs and could be\n exploited from within a user namespace, if, for\n example, unprivileged user namespaces were allowed. It\n was possible to have a file not readable by an\n unprivileged user to be copied to a mountpoint\n controlled by the user, like a removable device. This\n was introduced in kernel version 4.19 by commit d1d04ef\n ('ovl: stack file ops'). This was fixed in kernel\n version 5.8 by commits 56230d9 ('ovl: verify\n permissions in ovl_path_open()'), 48bd024 ('ovl: switch\n to mounter creds in readdir') and 05acefb ('ovl: check\n permission to open real file'). Additionally, commits\n 130fdbc ('ovl: pass correct flags for opening real\n directory') and 292f902 ('ovl: call secutiry hook in\n ovl_real_ioctl()') in kernel 5.8 might also be desired\n or necessary. These additional commits introduced a\n regression in overlay mounts within user namespaces\n which prevented access to files with ownership outside\n of the user namespace. This regression was mitigated by\n subsequent commit b6650da ('ovl: do not fail because of\n O_NOATIMEi') in kernel 5.11.(CVE-2020-16120)\n\n - A flaw was found in the Linux kernel's implementation\n of string matching within a packet. A privileged user\n (with root or CAP_NET_ADMIN) when inserting iptables\n rules could insert a rule which can panic the\n system.(CVE-2021-20177)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,\n when there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux\n kernel through 5.10.12 has an ndb_queue_rq\n use-after-free that could be triggered by local\n attackers (with access to the nbd device) via an I/O\n request at a certain point during device setup, aka\n CID-b98e762e3d71.(CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel through\n 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute\n code in the kernel, aka\n CID-34b1a1ce1458.(CVE-2021-3347)\n\n - A flaw was found in the Linux kernel. The marvell wifi\n driver could allow a local attacker to execute\n arbitrary code via a long SSID value in\n mwifiex_cmd_802_11_ad_hoc_start function. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation\n of the Linux SCSI target host, where an authenticated\n attacker could write to any block on the exported SCSI\n device backing store. This flaw allows an authenticated\n attacker to send LIO block requests to the Linux system\n to overwrite data on the backing store. The highest\n threat from this vulnerability is to integrity. In\n addition, this flaw affects the tcmu-runner package,\n where the affected SCSI command is\n called.(CVE-2020-28374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1715\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?204dd1c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:08:11", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.\n\n - CVE-2020-27825 Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.\n\n - CVE-2020-27830 Shisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.\n\n - CVE-2020-28374 David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.\n\n - CVE-2020-29568 (XSA-349) Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.\n\n - CVE-2020-29569 (XSA-350) Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.\n\n - CVE-2020-29660 Jann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.\n\n - CVE-2020-29661 Jann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.\n\n - CVE-2020-36158 A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.\n\n - CVE-2021-3347 It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.\n\n - CVE-2021-20177 A flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.", "cvss3": {}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "Debian DSA-4843-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27815", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-3347"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4843.NASL", "href": "https://www.tenable.com/plugins/nessus/146052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4843. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146052);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-27830\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-20177\", \"CVE-2021-3347\");\n script_xref(name:\"DSA\", value:\"4843\");\n\n script_name(english:\"Debian DSA-4843-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2020-27815\n A flaw was reported in the JFS filesystem code allowing\n a local attacker with the ability to set extended\n attributes to cause a denial of service.\n\n - CVE-2020-27825\n Adam 'pi3' Zabrocki reported a use-after-free flaw in\n the ftrace ring buffer resizing logic due to a race\n condition, which could result in denial of service or\n information leak.\n\n - CVE-2020-27830\n Shisong Qin reported a NULL pointer dereference flaw in\n the Speakup screen reader core driver.\n\n - CVE-2020-28374\n David Disseldorp discovered that the LIO SCSI target\n implementation performed insufficient checking in\n certain XCOPY requests. An attacker with access to a LUN\n and knowledge of Unit Serial Number assignments can take\n advantage of this flaw to read and write to any LIO\n backstore, regardless of the SCSI transport settings.\n\n - CVE-2020-29568 (XSA-349)\n Michael Kurth and Pawel Wieczorkiewicz reported that\n frontends can trigger OOM in backends by updating a\n watched path.\n\n - CVE-2020-29569 (XSA-350)\n Olivier Benjamin and Pawel Wieczorkiewicz reported a\n use-after-free flaw which can be triggered by a block\n frontend in Linux blkback. A misbehaving guest can\n trigger a dom0 crash by continuously connecting /\n disconnecting a block frontend.\n\n - CVE-2020-29660\n Jann Horn reported a locking inconsistency issue in the\n tty subsystem which may allow a local attacker to mount\n a read-after-free attack against TIOCGSID.\n\n - CVE-2020-29661\n Jann Horn reported a locking issue in the tty subsystem\n which can result in a use-after-free. A local attacker\n can take advantage of this flaw for memory corruption or\n privilege escalation.\n\n - CVE-2020-36158\n A buffer overflow flaw was discovered in the mwifiex\n WiFi driver which could result in denial of service or\n the execution of arbitrary code via a long SSID value.\n\n - CVE-2021-3347\n It was discovered that PI futexes have a kernel stack\n use-after-free during fault handling. An unprivileged\n user could use this flaw to crash the kernel (resulting\n in denial of service) or for privilege escalation.\n\n - CVE-2021-20177\n A flaw was discovered in the Linux implementation of\n string matching within a packet. A privileged user (with\n root or CAP_NET_ADMIN) can take advantage of this flaw\n to cause a kernel panic when inserting iptables rules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-28374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-36158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-3347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-20177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4843\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.19.171-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-extra-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"efi-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fancontrol-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hyperv-daemons\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hypervisor-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ipv6-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jffs2-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower1\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-arm\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-s390\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-x86\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-config-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-cpupower\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-4kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-5kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686-pae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armel\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armhf\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-i386\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips64el\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mipsel\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-ppc64el\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp-lpae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-cloud-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common-rt\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-loongson-3\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-marvell\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-octeon\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-powerpc64le\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rpi\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-686-pae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-amd64-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-arm64-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-i386-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-libc-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-source-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-support-4.19.0-5\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lockdep\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"rtc-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"speakup-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usbip\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:10:32", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.\n\nCVE-2020-27830\n\nShisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.\n\nCVE-2021-20177\n\nA flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Debian DLA-2557-1 : linux-4.19 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27815", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-3347"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2557.NASL", "href": "https://www.tenable.com/plugins/nessus/146512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2557-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146512);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-27830\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-20177\", \"CVE-2021-3347\");\n\n script_name(english:\"Debian DLA-2557-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local\nattacker with the ability to set extended attributes to cause a denial\nof service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring\nbuffer resizing logic due to a race condition, which could result in\ndenial of service or information leak.\n\nCVE-2020-27830\n\nShisong Qin reported a NULL pointer dereference flaw in the Speakup\nscreen reader core driver.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation\nperformed insufficient checking in certain XCOPY requests. An attacker\nwith access to a LUN and knowledge of Unit Serial Number assignments\ncan take advantage of this flaw to read and write to any LIO\nbackstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can\ntrigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\nflaw which can be triggered by a block frontend in Linux blkback. A\nmisbehaving guest can trigger a dom0 crash by continuously connecting\n/ disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem\nwhich may allow a local attacker to mount a read-after-free attack\nagainst TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can\nresult in a use-after-free. A local attacker can take advantage of\nthis flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which\ncould result in denial of service or the execution of arbitrary code\nvia a long SSID value.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free\nduring fault handling. An unprivileged user could use this flaw to\ncrash the kernel (resulting in denial of service) or for privilege\nescalation.\n\nCVE-2021-20177\n\nA flaw was discovered in the Linux implementation of string matching\nwithin a packet. A privileged user (with root or CAP_NET_ADMIN) can\ntake advantage of this flaw to cause a kernel panic when inserting\niptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.171-2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:02:26", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0427)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c.(CVE-2020-27830)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0465)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.(CVE-2020-27068)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - Array index out of bounds access when setting extended attributes on journaling filesystems.(CVE-2020-27815)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0427", "CVE-2020-0465", "CVE-2020-27068", "CVE-2020-27786", "CVE-2020-27815", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-28941", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/145726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145726);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0427\",\n \"CVE-2020-0465\",\n \"CVE-2020-27068\",\n \"CVE-2020-27786\",\n \"CVE-2020-27815\",\n \"CVE-2020-27830\",\n \"CVE-2020-28374\",\n \"CVE-2020-28941\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.(CVE-2020-0427)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in\n drivers/accessibility/speakup/spk_ttyio.c in the Linux\n kernel through 5.9.9. Local attackers on systems with\n the speakup driver could cause a local denial of\n service attack, aka CID-d41227544427. This occurs\n because of an invalid free when the line discipline is\n used more than once.(CVE-2020-28941)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function\n in spk_ttyio.c.(CVE-2020-27830)\n\n - In various methods of hid-multitouch.c, there is a\n possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege\n with no additional execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2020-0465)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with System execution privileges needed. User\n interaction is not required for\n exploitation.(CVE-2020-27068)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - Array index out of bounds access when setting extended\n attributes on journaling filesystems.(CVE-2020-27815)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1148\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30ea9acb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:02:25", "description": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup (bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0108-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0108-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144959);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during\npath lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup\n(bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk\n(bnc#1179435).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27830/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29370/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210108-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e05a131\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-108=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-29T15:04:34", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4912-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0423", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25285", "CVE-2020-25645", "CVE-2020-25669", "CVE-2020-27830", "CVE-2020-36158", "CVE-2021-20194", "CVE-2021-29154", "CVE-2021-3178", "CVE-2021-3411"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1053-oem"], "id": "UBUNTU_USN-4912-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148494", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4912-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148494);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2020-0423\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25285\",\n \"CVE-2020-25645\",\n \"CVE-2020-25669\",\n \"CVE-2020-27830\",\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3411\",\n \"CVE-2021-20194\",\n \"CVE-2021-29154\"\n );\n script_xref(name:\"USN\", value:\"4912-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4912-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could\n lead to local escalation of privilege in the kernel with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4912-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1053-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.6.0': {\n 'oem': '5.6.0-1053'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4912-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-0423', 'CVE-2020-0465', 'CVE-2020-0466', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25285', 'CVE-2020-25645', 'CVE-2020-25669', 'CVE-2020-27830', 'CVE-2020-36158', 'CVE-2021-3178', 'CVE-2021-3411', 'CVE-2021-20194', 'CVE-2021-29154');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4912-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:02:24", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0133-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0133-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145120);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210133-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b2ee691\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-133=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-133=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.57.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:19:17", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0118-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145018);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210118-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3fabc347\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-118=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-118=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:41", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup (bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0117-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145025);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-28374\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during\npath lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup\n(bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk\n(bnc#1179435).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27830/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29370/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210117-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57d64693\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-117=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-117=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.46.1.9.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.46.1.9.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:00:27", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-27835: A use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\n - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore (bnc#1178372).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c might have allowed remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation (bnc#1180086).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180027).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180029).\n\n - CVE-2020-29661: A locking issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745).\n\n - CVE-2020-29660: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745).\n\n - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel (bnc#1179107).\n\n - CVE-2020-29373: An issue was discovered in fs/io_uring.c in the Linux kernel It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d (bnc#1179434).\n\n - CVE-2020-11668: drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandled invalid descriptors, aka CID-a246b4d54770 (bnc#1168952).\n\n - CVE-2020-27830: Fixed a NULL-ptr deref bug in spk_ttyio_receive_buf2 (bnc#1179656).\n\n - CVE-2020-29370: An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71 (bnc#1179435).\n\n - CVE-2020-27786: A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation (bnc#1179601).\n\nThe following non-security bugs were fixed :\n\n - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610).\n\n - ACPI: PNP: compare the string length in the matching_id() (git-fixes).\n\n - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes).\n\n - ALSA: core: memalloc: add page alignment for iram (git-fixes).\n\n - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).\n\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).\n\n - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes).\n\n - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).\n\n - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).\n\n - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes).\n\n - ALSA: hda/proc - print DP-MST connections (git-fixes).\n\n - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).\n\n - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes).\n\n - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes).\n\n - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes).\n\n - ALSA: hda/realtek - Modify Dell platform name (git-fixes).\n\n - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes).\n\n - ALSA: hda/realtek: Add two 'Intel Reference board' SSID in the ALC256 (git-fixes).\n\n - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes).\n\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).\n\n - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes).\n\n - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes).\n\n - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes).\n\n - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes).\n\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).\n\n - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).\n\n - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).\n\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n\n - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).\n\n - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes).\n\n - ALSA: seq: remove useless function (git-fixes).\n\n - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes).\n\n - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203).\n\n - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203).\n\n - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes).\n\n - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203).\n\n - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes).\n\n - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes).\n\n - ALSA: usb-audio: Add quirk for RC-505 (git-fixes).\n\n - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203).\n\n - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203).\n\n - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes).\n\n - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203).\n\n - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203).\n\n - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203).\n\n - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203).\n\n - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203).\n\n - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203).\n\n - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203).\n\n - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203).\n\n - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).\n\n - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203).\n\n - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203).\n\n - ALSA: usb-audio: Drop debug.h (bsc#1178203).\n\n - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203).\n\n - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203).\n\n - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203).\n\n - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203).\n\n - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203).\n\n - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes).\n\n - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).\n\n - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203).\n\n - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).\n\n - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203).\n\n - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203).\n\n - ALSA: usb-audio: Improve some debug prints (bsc#1178203).\n\n - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203).\n\n - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203).\n\n - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203).\n\n - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203).\n\n - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203).\n\n - ALSA: usb-audio: Refactor endpoint management (bsc#1178203).\n\n - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203).\n\n - ALSA: usb-audio: Replace slave/master terms (bsc#1178203).\n\n - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203).\n\n - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203).\n\n - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203).\n\n - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203).\n\n - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203).\n\n - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203).\n\n - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203).\n\n - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203).\n\n - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203).\n\n - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203).\n\n - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203).\n\n - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).\n\n - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203).\n\n - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203).\n\n - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203).\n\n - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203).\n\n - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203).\n\n - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes).\n\n - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes).\n\n - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes).\n\n - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).\n\n - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).\n\n - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).\n\n - ASoC: meson: fix COMPILE_TEST error (git-fixes).\n\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n\n - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes).\n\n - ASoC: tegra20-spdif: remove 'default m' (git-fixes).\n\n - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes).\n\n - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).\n\n - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes).\n\n - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in hci_event_packet() (git-fixes).\n\n - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).\n\n - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes).\n\n - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes).\n\n - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes).\n\n - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes).\n\n - Drop a backported uvcvideo patch that caused a regression (bsc#1180117) Also blacklisting the commit\n\n - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763).\n\n - EDAC/amd64: Fix PCI component registration (bsc#1152489).\n\n - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489).\n\n - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489).\n\n - HID: Add Logitech Dinovo Edge battery quirk (git-fixes).\n\n - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes).\n\n - HID: add support for Sega Saturn (git-fixes).\n\n - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).\n\n - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).\n\n - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes).\n\n - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes).\n\n - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes).\n\n - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes).\n\n - HMAT: Register memory-side cache after parsing (bsc#1178660).\n\n - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660).\n\n - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).\n\n - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878).\n\n - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878).\n\n - IB/isert: Fix unaligned immediate-data handling (bsc#1152489)\n\n - IB/mlx4: Add and improve logging (bsc#1152489)\n\n - IB/mlx4: Add support for MRA (bsc#1152489)\n\n - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489)\n\n - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1152489)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489)\n\n - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489)\n\n - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).\n\n - Input: ads7846 - fix race that causes missing releases (git-fixes).\n\n - Input: ads7846 - fix unaligned access on 7845 (git-fixes).\n\n - Input: cm109 - do not stomp on control URB (git-fixes).\n\n - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).\n\n - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).\n\n - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).\n\n - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).\n\n - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).\n\n - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).\n\n - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).\n\n - Input: omap4-keypad - fix runtime PM error handling (git-fixes).\n\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n\n - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395).\n\n - Move 'btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).' to sorted section\n\n - Move upstreamed USB-audio patches into sorted section\n\n - PCI: Fix overflow in command-line resource alignment requests (git-fixes).\n\n - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).\n\n - PCI: brcmstb: Initialize 'tmp' before use (git-fixes).\n\n - PCI: iproc: Fix out-of-bound array accesses (git-fixes).\n\n - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489)\n\n - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489)\n\n - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489)\n\n - RDMA/core: Fix reported speed and width (bsc#1152489)\n\n - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489)\n\n - RDMA/core: Free DIM memory in error unwind (bsc#1152489)\n\n - RDMA/core: Stop DIM before destroying CQ (bsc#1152489)\n\n - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489)\n\n - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489)\n\n - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489)\n\n - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489)\n\n - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1152489)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489)\n\n - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489)\n\n - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489)\n\n - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1152489)\n\n - RDMA/qedr: Fix doorbell setting (bsc#1152489)\n\n - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489)\n\n - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489)\n\n - RDMA/qedr: Fix qp structure memory leak (bsc#1152489)\n\n - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1152489)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1152489)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489)\n\n - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489)\n\n - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489)\n\n - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489)\n\n - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489)\n\n - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489)\n\n - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117)\n\n - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks' (git-fixes).\n\n - Revert 'ceph: allow rename operation under different quota realms' (bsc#1180541).\n\n - Revert 'geneve: pull IP header before ECN decapsulation' (git-fixes).\n\n - Revert 'i2c: i2c-qcom-geni: Fix DMA transfer race' (git-fixes).\n\n - Revert 'platform/x86: wmi: Destroy on cleanup rather than unregister' (git-fixes).\n\n - Revert 'powerpc/pseries/hotplug-cpu: Remove double free in error path' (bsc#1065729).\n\n - USB: UAS: introduce a quirk to set no_write_same (git-fixes).\n\n - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).\n\n - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).\n\n - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).\n\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).\n\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).\n\n - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).\n\n - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes).\n\n - USB: serial: ch341: add new Product ID for CH341A (git-fixes).\n\n - USB: serial: ch341: sort device-id entries (git-fixes).\n\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).\n\n - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).\n\n - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).\n\n - USB: serial: keyspan_pda: fix stalled writes (git-fixes).\n\n - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).\n\n - USB: serial: keyspan_pda: fix write deadlock (git-fixes).\n\n - USB: serial: keyspan_pda: fix write unthrottling (git-fixes).\n\n - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open (git-fixes).\n\n - USB: serial: mos7720: fix parallel-port state restore (git-fixes).\n\n - USB: serial: option: add Fibocom NL668 variants (git-fixes).\n\n - USB: serial: option: add interface-number sanity check to flag handling (git-fixes).\n\n - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes).\n\n - USB: serial: option: fix Quectel BG96 matching (git-fixes).\n\n - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes).\n\n - USB: yurex: fix control-URB timeout handling (git-fixes).\n\n - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610).\n\n - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes).\n\n - ath10k: Fix an error handling path (git-fixes).\n\n - ath10k: Release some resources in an error handling path (git-fixes).\n\n - ath6kl: fix enum-conversion warning (git-fixes).\n\n - batman-adv: Consider fragmentation for needed_headroom (git-fixes).\n\n - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes).\n\n - batman-adv: Reserve needed_*room for fragments (git-fixes).\n\n - bitmap: remove unused function declaration (git-fixes).\n\n - blk-mq-blk-mq-provide-forced-completion-method.patch:\n (bsc#1175995,jsc#SLE-15608,bsc#1178756).\n\n - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486).\n\n - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933).\n\n - bpf: Fix bpf_put_raw_tracepoint()'s use of\n __module_address() (git-fixes).\n\n - btrfs: add missing check for nocow and compression inode flags (bsc#1178780).\n\n - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099).\n\n - btrfs: delete duplicated words + other fixes in comments (bsc#1180566).\n\n - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566).\n\n - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566).\n\n - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773).\n\n - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963).\n\n - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).\n\n - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773).\n\n - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773).\n\n - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).\n\n - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).\n\n - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes).\n\n - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).\n\n - can: c_can: c_can_power_up(): fix error handling (git-fixes).\n\n - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes).\n\n - can: softing: softing_netdev_open(): fix error handling (git-fixes).\n\n - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes).\n\n - cfg80211: initialize rekey_data (git-fixes).\n\n - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).\n\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n\n - cifs: allow syscalls to be restarted in\n __smb_send_rqst() (bsc#1176956).\n\n - cifs: do not share tcons with DFS (bsc#1178270).\n\n - cifs: document and cleanup dfs mount (bsc#1178270).\n\n - cifs: ensure correct super block for DFS reconnect (bsc#1178270).\n\n - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).\n\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n\n - cifs: fix double free error on share and prefix (bsc#1178270).\n\n - cifs: fix leaked reference on requeued write (bsc#1178270).\n\n - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).\n\n - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).\n\n - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).\n\n - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).\n\n - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).\n\n - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).\n\n - cifs: merge __(cifs,smb2)_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).\n\n - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).\n\n - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).\n\n - cifs: rename reconn_inval_dfs_target() (bsc#1178270).\n\n - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).\n\n - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes).\n\n - clk: ingenic: Fix divider calculation with div tables (git-fixes).\n\n - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes).\n\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).\n\n - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes).\n\n - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).\n\n - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).\n\n - clk: tegra: Do not return 0 on failure (git-fixes).\n\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n\n - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).\n\n - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes).\n\n - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes).\n\n - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes).\n\n - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes).\n\n - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203).\n\n - coredump: fix core_pattern parse error (git-fixes).\n\n - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes).\n\n - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).\n\n - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes).\n\n - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes).\n\n - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes).\n\n - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes).\n\n - crypto: inside-secure - Fix sizeof() mismatch (git-fixes).\n\n - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).\n\n - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).\n\n - crypto: sun4i-ss - add the A33 variant of SS (git-fixes).\n\n - crypto: talitos - Endianess in current_desc_hdr() (git-fixes).\n\n - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).\n\n - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).\n\n - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes).\n\n - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes).\n\n - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes).\n\n - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes).\n\n - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes).\n\n - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes).\n\n - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes).\n\n - dmaengine: xilinx_dma: fix incompatible param warning in\n _child_probe() (git-fixes).\n\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).\n\n - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).\n\n - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489)\n\n - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472)\n\n - drm/gma500: fix error check (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: 	* context fixes 	* adapted I/O functions to old driver\n\n - drm/imx: tve remove extraneous type qualifier (bsc#1152489)\n\n - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472)\n\n - drm/mediatek: Add missing put_device() call in (bsc#1152472)\n\n - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes:\n 	* context fixes 	* adapted to function layout\n\n - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489)\n\n - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489)\n\n - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm/radeon: Prefer lower feedback dividers (bsc#1152489)\n\n - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489)\n\n - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489)\n\n - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: 	* changed filename from vkms_composer.c to vkms_crc.c 	* context fixes\n\n - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489)\n\n - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm: rcar-du: Put reference to VSP device (bsc#1152489)\n\n - epoll: Keep a reference on files added to the check list (bsc#1180031).\n\n - ethtool: fix error handling in ethtool_phys_id (git-fixes).\n\n - ext4: correctly report 'not supported' for (usr,grp)jquota when !CONFIG_QUOTA (bsc#1179672).\n\n - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).\n\n - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).\n\n - ext4: limit entries returned when counting fsmap records (bsc#1179671).\n\n - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).\n\n - extcon: max77693: Fix modalias string (git-fixes).\n\n - fail_function: Remove a redundant mutex unlock (bsc#1149032).\n\n - fbcon: Remove the superfluous break (bsc#1152472)\n\n - firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610).\n\n - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).\n\n - fs/minix: check return value of sb_getblk() (bsc#1179676).\n\n - fs/minix: do not allow getting deleted inodes (bsc#1179677).\n\n - fs/minix: fix block limit check for V1 filesystems (bsc#1179680).\n\n - fs/minix: reject too-large maximum file size (bsc#1179678).\n\n - fs/minix: remove expected error message in block_to_path() (bsc#1179681).\n\n - fs/minix: set s_maxbytes correctly (bsc#1179679).\n\n - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682).\n\n - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).\n\n - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).\n\n - geneve: pull IP header before ECN decapsulation (git-fixes).\n\n - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).\n\n - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315).\n\n - gpio: mvebu: fix potential user-after-free on probe (git-fixes).\n\n - gpio: mvebu: update Armada XP per-CPU comment (git-fixes).\n\n - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes).\n\n - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).\n\n - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes).\n\n - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes).\n\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).\n\n - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).\n\n - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).\n\n - ibmvnic: enhance resetting status check during module exit (bsc#1065729).\n\n - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).\n\n - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).\n\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).\n\n - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).\n\n - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).\n\n - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).\n\n - iio: buffer: Fix demux update (git-fixes).\n\n - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes).\n\n - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes).\n\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n\n - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes).\n\n - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes).\n\n - iio:pressure:mpl3115: Force alignment of buffer (git-fixes).\n\n - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).\n\n - iomap: Clear page error before beginning a write (bsc#1179683).\n\n - iomap: Mark read blocks uptodate in write_begin (bsc#1179684).\n\n - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685).\n\n - iommu-amd-Increase-interrupt-remapping-table-limit-t.pat ch: (bsc#1179652).\n\n - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652).\n\n - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).\n\n - iwlwifi: mvm: hook up missing RX handlers (git-fixes).\n\n - iwlwifi: pcie: add one missing entry for AX210 (git-fixes).\n\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n\n - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707).\n\n - kABI workaround for HD-audio generic parser (git-fixes).\n\n - kABI workaround for USB audio driver (bsc#1178203).\n\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n\n - kdb: Fix pager search for multi-line strings (git-fixes).\n\n - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n\n - kgdb: Drop malformed kernel doc comment (git-fixes).\n\n - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes).\n\n - lib/string: remove unnecessary #undefs (git-fixes).\n\n - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709).\n\n - locking/percpu-rwsem: Use this_cpu_(inc,dec)() for read_count (bsc#1149032).\n\n - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).\n\n - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).\n\n - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).\n\n - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).\n\n - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).\n\n - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).\n\n - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).\n\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).\n\n - md/cluster: block reshape with remote resync job (bsc#1163727).\n\n - md/cluster: fix deadlock when node is doing resync job (bsc#1163727).\n\n - media: gp8psk: initialize stats at power control logic (git-fixes).\n\n - media: gspca: Fix memory leak in probe (git-fixes).\n\n - media: imx214: Fix stop streaming (git-fixes).\n\n - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes).\n\n - media: ipu3-cio2: Remove traces of returned buffers (git-fixes).\n\n - media: ipu3-cio2: Return actual subdev format (git-fixes).\n\n - media: ipu3-cio2: Serialise access to pad format (git-fixes).\n\n - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes).\n\n - media: max2175: fix max2175_set_csm_mode() error code (git-fixes).\n\n - media: msi2500: assign SPI bus number dynamically (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).\n\n - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).\n\n - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).\n\n - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).\n\n - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).\n\n - media: tm6000: Fix sizeof() mismatches (git-fixes).\n\n - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117).\n\n - memstick: fix a double-free bug in memstick_check (git-fixes).\n\n - memstick: r592: Fix error return in r592_probe() (git-fixes).\n\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n\n - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).\n\n - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).\n\n - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710).\n\n - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610).\n\n - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679).\n\n - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).\n\n - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056).\n\n - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes).\n\n - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes).\n\n - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes).\n\n - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes).\n\n - mtd: rawnand: meson: Fix a resource leak in init (git-fixes).\n\n - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes).\n\n - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes).\n\n - mtd: spinand: Fix OOB read (git-fixes).\n\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).\n\n - net/x25: prevent a couple of overflows (bsc#1178590).\n\n - net: sctp: Rename fallthrough label to unhandled (bsc#1178203).\n\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n\n - nvme-fabrics: allow to queue requests for live queues (git-fixes).\n\n - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519).\n\n - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326).\n\n - nvme-fc: cancel async events before freeing event struct (git-fixes).\n\n - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326).\n\n - nvme-fc: fix error loop in create_hw_io_queues (git-fixes).\n\n - nvme-fc: fix io timeout to abort I/O (bsc#1177326).\n\n - nvme-fc: remove err_work work item (bsc#1177326).\n\n - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326).\n\n - nvme-fc: shorten reconnect delay if possible for FC (git-fixes).\n\n - nvme-fc: track error_recovery while connecting (bsc#1177326).\n\n - nvme-fc: wait for queues to freeze before calling (git-fixes).\n\n - nvme-force-complete-cancelled-requests.patch:\n (bsc#1175995,bsc#1178756,jsc#SLE-15608). Without this we can end up with a series of nvme QID timeouts, regardless of filesystem when fstests is used or any error injection mechanism is used. Without this fix, we end up with 9 failures on xfs, but due to its generic nature, will likely end up with other failures on other filesystems. This does not allow a clean slate reliable fstests run. This fixes that issue. Through code inspection I found these changes were already present on SLE15-SP3 but not on SLE15-SP2.\n\n - nvme-multipath: fix bogus request queue reference put (bsc#1175389).\n\n - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes).\n\n - nvme-multipath: fix deadlock due to head->lock (git-fixes).\n\n - nvme-pci: properly print controller address (git-fixes).\n\n - nvme-rdma: avoid race between time out and tear down (bsc#1179519).\n\n - nvme-rdma: avoid repeated request completion (bsc#1179519).\n\n - nvme-rdma: cancel async events before freeing event struct (git-fixes).\n\n - nvme-rdma: fix controller reset hang during traffic (bsc#1179519).\n\n - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519).\n\n - nvme-rdma: fix timeout handler (bsc#1179519).\n\n - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612).\n\n - nvme-rdma: serialize controller teardown sequences (bsc#1179519).\n\n - nvme-tcp: avoid race between time out and tear down (bsc#1179519).\n\n - nvme-tcp: avoid repeated request completion (bsc#1179519).\n\n - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519).\n\n - nvme-tcp: break from io_work loop if recv failed (bsc#1179519).\n\n - nvme-tcp: cancel async events before freeing event struct (git-fixes).\n\n - nvme-tcp: do not poll a non-live queue (bsc#1179519).\n\n - nvme-tcp: fix controller reset hang during traffic (bsc#1179519).\n\n - nvme-tcp: fix possible crash in recv error flow (bsc#1179519).\n\n - nvme-tcp: fix possible leakage during error flow (git-fixes).\n\n - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519).\n\n - nvme-tcp: fix timeout handler (bsc#1179519).\n\n - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519).\n\n - nvme-tcp: leverage request plugging (bsc#1179519).\n\n - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519).\n\n - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519).\n\n - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes).\n\n - nvme-tcp: serialize controller teardown sequences (bsc#1179519).\n\n - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519).\n\n - nvme-tcp: try to send request in queue_rq context (bsc#1179519).\n\n - nvme-tcp: use bh_lock in data_ready (bsc#1179519).\n\n - nvme: Revert: Fix controller creation races with teardown (git-fixes).\n\n - nvme: do not protect ns mutation with ns->head->lock (git-fixes).\n\n - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519).\n\n - nvme: introduce nvme_sync_io_queues (bsc#1179519).\n\n - nvmet-fc: fix missing check for no hostport struct (bsc#1176942).\n\n - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892).\n\n - ocfs2: fix unbalanced locking (bsc#1180506).\n\n - orinoco: Move context allocation after processing the skb (git-fixes).\n\n - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).\n\n - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes).\n\n - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).\n\n - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).\n\n - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).\n\n - platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes).\n\n - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).\n\n - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).\n\n - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes).\n\n - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes).\n\n - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: remove an unused variable (git-fixes).\n\n - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes).\n\n - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes).\n\n - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes).\n\n - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes).\n\n - power: supply: bq24190_charger: fix reference leak (git-fixes).\n\n - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).\n\n - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes).\n\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).\n\n - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes).\n\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n\n - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n\n - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395).\n\n - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395).\n\n - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002).\n\n - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).\n\n - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).\n\n - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).\n\n - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).\n\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).\n\n - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).\n\n - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395).\n\n - powerpc: Fix incorrect stw(, ux, u, x) instructions in\n __set_pte_at (bsc#1065729).\n\n - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).\n\n - pwm: zx: Add missing cleanup in error path (git-fixes).\n\n - qede: Notify qedr when mtu has changed (bsc#1152489)\n\n - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes).\n\n - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).\n\n - r8169: work around power-saving bug on some chip versions (git-fixes).\n\n - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).\n\n - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes).\n\n - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes).\n\n - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes).\n\n - regulator: mcp16502: add linear_min_sel (git-fixes).\n\n - reiserfs: Fix oops during mount (bsc#1179715).\n\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n\n - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes).\n\n - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes).\n\n - remoteproc: qcom: fix reference leak in adsp_start (git-fixes).\n\n - rsi: fix error return code in rsi_reset_card() (git-fixes).\n\n - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes).\n\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n\n - rtc: pl031: fix resource leak in pl031_probe (git-fixes).\n\n - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes).\n\n - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes).\n\n - s390/cpuinfo: show processor physical address (git-fixes).\n\n - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).\n\n - s390/qeth: delay draining the TX buffers (git-fixes).\n\n - s390/qeth: fix af_iucv notification race (git-fixes).\n\n - s390/qeth: fix tear down of async TX buffers (git-fixes).\n\n - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151).\n\n - s390: add 3f program exception handler (git-fixes).\n\n - samples/bpf: Remove unused test_ipip.sh (bsc#1155518).\n\n - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518).\n\n - sched/fair: Check for idle core in wake_affine (git fixes (sched)).\n\n - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes)\n\n - sched/fair: Fix race between runtime distribution and (git-fixes)\n\n - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes)\n\n - sched/fair: Refill bandwidth before scaling (git-fixes)\n\n - sched: correct SD_flags returned by tl->sd_flags() (git-fixes)\n\n - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049).\n\n - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000).\n\n - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079).\n\n - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079).\n\n - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079).\n\n - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079).\n\n - scsi: fnic: Validate io_req before others (bsc#1175079).\n\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: mpt3sas: A small correction in\n _base_process_reply_queue (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rearrange\n _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733).\n\n - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). Replace patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.pat ch with upstream version.\n\n - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733).\n\n - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). Refresh: - patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.pat ch\n\n - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733).\n\n - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).\n\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733).\n\n - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000).\n\n - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933).\n\n - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518).\n\n - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518).\n\n - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518).\n\n - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518).\n\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).\n\n - serial_core: Check for port state when tty is in error state (git-fixes).\n\n - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes).\n\n - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).\n\n - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes).\n\n - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes).\n\n - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).\n\n - soc: qcom: geni: More properly switch to DMA mode (git-fixes).\n\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).\n\n - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes).\n\n - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).\n\n - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).\n\n - speakup: fix uninitialized flush_lock (git-fixes).\n\n - spi: atmel-quadspi: Disable clock in probe error path (git-fixes).\n\n - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes).\n\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).\n\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n\n - spi: fix resource leak for drivers without .remove callback (git-fixes).\n\n - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).\n\n - spi: mt7621: Disable clock in probe error path (git-fixes).\n\n - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes).\n\n - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes).\n\n - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).\n\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).\n\n - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).\n\n - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes).\n\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).\n\n - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes).\n\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).\n\n - spi: stm32: FIFO threshold level - fix align packet size (git-fixes).\n\n - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes).\n\n - spi: synquacer: Disable clock in probe error path (git-fixes).\n\n - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).\n\n - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).\n\n - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).\n\n - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).\n\n - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes).\n\n - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).\n\n - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).\n\n - swiotlb: fix 'x86: Do not panic if can not alloc buffer for swiotlb' (git-fixes).\n\n - swiotlb: using SIZE_MAX needs limits.h included (git-fixes).\n\n - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes).\n\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n\n - tty: Fix ->session locking (bsc#1179745).\n\n - ubifs: Do not parse authentication mount options in remount process (bsc#1179688).\n\n - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687).\n\n - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675).\n\n - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703).\n\n - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704).\n\n - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689).\n\n - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690).\n\n - udf: Fix memory leak when mounting (bsc#1179712).\n\n - usb/max3421: fix return error code in max3421_probe() (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes).\n\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes).\n\n - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).\n\n - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes).\n\n - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes).\n\n - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).\n\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n\n - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes).\n\n - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).\n\n - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes).\n\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).\n\n - usb: usbip: vhci_hcd: protect shift size (git-fixes).\n\n - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).\n\n - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472)\n\n - video: fbdev: sis: fix null ptr dereference (bsc#1152472)\n\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n\n - watchdog: Fix potential dereferencing of NULL pointer (git-fixes).\n\n - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes).\n\n - watchdog: coh901327: add COMMON_CLK dependency (git-fixes).\n\n - watchdog: qcom: Avoid context switch in restart handler (git-fixes).\n\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).\n\n - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes).\n\n - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes).\n\n - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes).\n\n - wil6210: select CONFIG_CRC32 (git-fixes).\n\n - wimax: fix duplicate initializer warning (git-fixes).\n\n - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489).\n\n - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489).\n\n - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315).\n\n - x86/ima: use correct identifier for SetupMode variable (bsc#1152489).\n\n - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489).\n\n - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489).\n\n - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489).\n\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489).\n\n - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489).\n\n - x86/mm: Fix leak of pmd ptlock (bsc#1152489).\n\n - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489).\n\n - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489).\n\n - x86/resctrl: Do not move a task to the same resource group (bsc#1152489).\n\n - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489).\n\n - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489).\n\n - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489).\n\n - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489).\n\n - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489).\n\n - x86/speculation: Fix prctl() when spectre_v2_user=(seccomp,prctl),ibpb (bsc#1152489).\n\n - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489).\n\n - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489).\n\n - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).\n\n - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-25639", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-60.NASL", "href": "https://www.tenable.com/plugins/nessus/145320", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-60.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145320);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-25639\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-27835: A use after free in the Linux kernel\n infiniband hfi1 driver was found in the way user calls\n Ioctl after open dev file and fork. A local user could\n use this flaw to crash the system (bnc#1179878).\n\n - CVE-2020-25639: Fixed a NULL pointer dereference via\n nouveau ioctl (bnc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c\n insufficient identifier checking in the LIO SCSI target\n code can be used by remote attackers to read or write\n files via directory traversal in an XCOPY request, aka\n CID-2896c93811e3. For example, an attack can occur over\n a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O\n operations are proxied via an attacker-selected\n backstore (bnc#1178372).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c might have\n allowed remote attackers to execute arbitrary code via a\n long SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in\n kernel/trace/ring_buffer.c. There was a race problem in\n trace_open and resize of cpu buffer running parallely on\n different cpus, may cause a denial of service problem\n (DOS). This flaw could even allow a local attacker with\n special user privilege to a kernel information leak\n threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of\n eventpoll.c, there is a possible use after free due to a\n logic error. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of\n nl80211.c, there is a possible out of bounds read due to\n a missing bounds check. This could lead to local\n information disclosure with System execution privileges\n needed. User interaction is not required for\n exploitation (bnc#1180086).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c,\n there is a possible bad kfree due to a logic error in\n audit_data_to_entry. This could lead to local escalation\n of privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180027).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c,\n there is a possible out of bounds write due to a missing\n bounds check. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180029).\n\n - CVE-2020-29661: A locking issue was discovered in the\n tty subsystem of the Linux kernel\n drivers/tty/tty_jobctrl.c allowed a use-after-free\n attack against TIOCSPGRP, aka CID-54ffccbf053b\n (bnc#1179745).\n\n - CVE-2020-29660: A locking inconsistency issue was\n discovered in the tty subsystem of the Linux kernel\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n have allowed a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24 (bnc#1179745).\n\n - CVE-2020-27777: A flaw was found in the way RTAS handled\n memory accesses in userspace to kernel communication. On\n a locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel (bnc#1179107).\n\n - CVE-2020-29373: An issue was discovered in fs/io_uring.c\n in the Linux kernel It unsafely handles the root\n directory during path lookups, and thus a process inside\n a mount namespace can escape to unintended filesystem\n locations, aka CID-ff002b30181d (bnc#1179434).\n\n - CVE-2020-11668: drivers/media/usb/gspca/xirlink_cit.c\n (aka the Xirlink camera USB driver) mishandled invalid\n descriptors, aka CID-a246b4d54770 (bnc#1168952).\n\n - CVE-2020-27830: Fixed a NULL-ptr deref bug in\n spk_ttyio_receive_buf2 (bnc#1179656).\n\n - CVE-2020-29370: An issue was discovered in\n kmem_cache_alloc_bulk in mm/slub.c. The slowpath lacks\n the required TID increment, aka CID-fd4d9c7d0c71\n (bnc#1179435).\n\n - CVE-2020-27786: A flaw was found in the Linux kernels\n implementation of MIDI, where an attacker with a local\n account and the permissions to issue an ioctl commands\n to midi devices, could trigger a use-after-free. A write\n to this specific memory while freed and before use could\n cause the flow of execution to change and possibly allow\n for memory corruption or privilege escalation\n (bnc#1179601).\n\nThe following non-security bugs were fixed :\n\n - ACPI: APEI: Kick the memory_failure() queue for\n synchronous errors (jsc#SLE-16610).\n\n - ACPI: PNP: compare the string length in the\n matching_id() (git-fixes).\n\n - ALSA/hda: apply jack fixup for the Acer Veriton\n N4640G/N6640G/N2510G (git-fixes).\n\n - ALSA: core: memalloc: add page alignment for iram\n (git-fixes).\n\n - ALSA: hda/ca0132 - Change Input Source enum strings\n (git-fixes).\n\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg\n (git-fixes).\n\n - ALSA: hda/conexant: add a new hda codec CX11970\n (git-fixes).\n\n - ALSA: hda/generic: Add option to enforce preferred_dacs\n pairs (git-fixes).\n\n - ALSA: hda/hdmi: always print pin NIDs as hexadecimal\n (git-fixes).\n\n - ALSA: hda/hdmi: packet buffer index must be set before\n reading value (git-fixes).\n\n - ALSA: hda/proc - print DP-MST connections (git-fixes).\n\n - ALSA: hda/realtek - Add new codec supported for ALC897\n (git-fixes).\n\n - ALSA: hda/realtek - Add supported for more Lenovo ALC285\n Headset Button (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK\n with ALC255 (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS X430UN\n with ALC256 (git-fixes).\n\n - ALSA: hda/realtek - Fix speaker volume control on Lenovo\n C940 (git-fixes).\n\n - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone\n (git-fixes).\n\n - ALSA: hda/realtek - Modify Dell platform name\n (git-fixes).\n\n - ALSA: hda/realtek - Supported Dell fixed type headset\n (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk for more HP\n laptops (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP\n x360 model (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes).\n\n - ALSA: hda/realtek: Add two 'Intel Reference board' SSID\n in the ALC256 (git-fixes).\n\n - ALSA: hda/realtek: Apply jack fixup for Quanta NL3\n (git-fixes).\n\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG &\n B9400CEA with ALC294 (git-fixes).\n\n - ALSA: hda/realtek: Enable mute and micmute LED on HP\n EliteBook 850 G7 (git-fixes).\n\n - ALSA: hda/realtek: Fix bass speaker DAC assignment on\n Asus Zephyrus G14 (git-fixes).\n\n - ALSA: hda/realtek: Remove dummy lineout on Acer\n TravelMate P648/P658 (git-fixes).\n\n - ALSA: hda/realtek: make bass spk volume adjustable on a\n yoga laptop (git-fixes).\n\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS\n (git-fixes).\n\n - ALSA: hda: Fix regressions on clear and reconfig sysfs\n (git-fixes).\n\n - ALSA: pcm: Clear the full allocated memory at hw_params\n (git-fixes).\n\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n\n - ALSA: pcm: oss: Fix potential out-of-bounds shift\n (git-fixes).\n\n - ALSA: rawmidi: Access runtime->avail always in spinlock\n (git-fixes).\n\n - ALSA: seq: remove useless function (git-fixes).\n\n - ALSA: usb-audio: Add VID to support native DSD\n reproduction on FiiO devices (git-fixes).\n\n - ALSA: usb-audio: Add generic implicit fb parsing\n (bsc#1178203).\n\n - ALSA: usb-audio: Add hw constraint for implicit fb sync\n (bsc#1178203).\n\n - ALSA: usb-audio: Add implicit fb support for Steinberg\n UR22 (git-fixes).\n\n - ALSA: usb-audio: Add implicit_fb module option\n (bsc#1178203).\n\n - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes).\n\n - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2\n (git-fixes).\n\n - ALSA: usb-audio: Add quirk for RC-505 (git-fixes).\n\n - ALSA: usb-audio: Add snd_usb_get_endpoint() helper\n (bsc#1178203).\n\n - ALSA: usb-audio: Add snd_usb_get_host_interface() helper\n (bsc#1178203).\n\n - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR\n controller (git-fixes).\n\n - ALSA: usb-audio: Always set up the parameters after\n resume (bsc#1178203).\n\n - ALSA: usb-audio: Avoid doubly initialization for\n implicit fb (bsc#1178203).\n\n - ALSA: usb-audio: Check implicit feedback EP generically\n for UAC2 (bsc#1178203).\n\n - ALSA: usb-audio: Check valid altsetting at parsing rates\n for UAC2/3 (bsc#1178203).\n\n - ALSA: usb-audio: Constify audioformat pointer references\n (bsc#1178203).\n\n - ALSA: usb-audio: Convert to the common vmalloc memalloc\n (bsc#1178203).\n\n - ALSA: usb-audio: Correct wrongly matching entries with\n audio class (bsc#1178203).\n\n - ALSA: usb-audio: Create endpoint objects at parsing\n phase (bsc#1178203).\n\n - ALSA: usb-audio: Disable sample read check if firmware\n does not give back (git-fixes).\n\n - ALSA: usb-audio: Do not call usb_set_interface() at\n trigger callback (bsc#1178203).\n\n - ALSA: usb-audio: Do not set altsetting before\n initializing sample rate (bsc#1178203).\n\n - ALSA: usb-audio: Drop debug.h (bsc#1178203).\n\n - ALSA: usb-audio: Drop keep_interface flag again\n (bsc#1178203).\n\n - ALSA: usb-audio: Drop unneeded snd_usb_substream fields\n (bsc#1178203).\n\n - ALSA: usb-audio: Factor out the implicit feedback quirk\n code (bsc#1178203).\n\n - ALSA: usb-audio: Fix EP matching for continuous rates\n (bsc#1178203).\n\n - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203).\n\n - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks\n (git-fixes).\n\n - ALSA: usb-audio: Fix control 'access overflow' errors\n from chmap (git-fixes).\n\n - ALSA: usb-audio: Fix possible stall of implicit fb\n packet ring-buffer (bsc#1178203).\n\n - ALSA: usb-audio: Fix potential out-of-bounds shift\n (git-fixes).\n\n - ALSA: usb-audio: Fix quirks for other BOSS devices\n (bsc#1178203).\n\n - ALSA: usb-audio: Handle discrete rates properly in hw\n constraints (bsc#1178203).\n\n - ALSA: usb-audio: Improve some debug prints\n (bsc#1178203).\n\n - ALSA: usb-audio: Move device rename and profile quirks\n to an internal table (bsc#1178203).\n\n - ALSA: usb-audio: Move snd_usb_autoresume() call out of\n setup_hw_info() (bsc#1178203).\n\n - ALSA: usb-audio: Pass snd_usb_audio object to quirk\n functions (bsc#1178203).\n\n - ALSA: usb-audio: Properly match with audio interface\n class (bsc#1178203).\n\n - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203).\n\n - ALSA: usb-audio: Refactor endpoint management\n (bsc#1178203).\n\n - ALSA: usb-audio: Refactoring endpoint URB deactivation\n (bsc#1178203).\n\n - ALSA: usb-audio: Replace slave/master terms\n (bsc#1178203).\n\n - ALSA: usb-audio: Set and clear sync EP link properly\n (bsc#1178203).\n\n - ALSA: usb-audio: Set callbacks via\n snd_usb_endpoint_set_callback() (bsc#1178203).\n\n - ALSA: usb-audio: Show sync endpoint information in proc\n outputs (bsc#1178203).\n\n - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203).\n\n - ALSA: usb-audio: Simplify quirk entries with a macro\n (bsc#1178203).\n\n - ALSA: usb-audio: Simplify rate_min/max and rates set up\n (bsc#1178203).\n\n - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments\n (bsc#1178203).\n\n - ALSA: usb-audio: Simplify snd_usb_init_sample_rate()\n arguments (bsc#1178203).\n\n - ALSA: usb-audio: Stop both endpoints properly at error\n (bsc#1178203).\n\n - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203).\n\n - ALSA: usb-audio: Track implicit fb sync endpoint in\n audioformat list (bsc#1178203).\n\n - ALSA: usb-audio: US16x08: fix value count for level\n meters (git-fixes).\n\n - ALSA: usb-audio: Unify the code for the next packet size\n calculation (bsc#1178203).\n\n - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG\n Strix TRX40 mobo (bsc#1178203).\n\n - ALSA: usb-audio: Use atomic_t for endpoint use_count\n (bsc#1178203).\n\n - ALSA: usb-audio: Use managed buffer allocation\n (bsc#1178203).\n\n - ALSA: usb-audio: Use unsigned char for iface and\n altsettings fields (bsc#1178203).\n\n - ALSA: usb-audio: workaround for iface reset issue\n (bsc#1178203).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable\n quirks (git-fixes).\n\n - ASoC: SOF: control: fix size checks for ext_bytes\n control .get() (git-fixes).\n\n - ASoC: amd: change clk_get() to devm_clk_get() and add\n missed checks (git-fixes).\n\n - ASoC: arizona: Fix a wrong free in wm8997_probe\n (git-fixes).\n\n - ASoC: cx2072x: Fix doubly definitions of Playback and\n Capture streams (git-fixes).\n\n - ASoC: jz4740-i2s: add missed checks for clk_get()\n (git-fixes).\n\n - ASoC: meson: fix COMPILE_TEST error (git-fixes).\n\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n\n - ASoC: sun4i-i2s: Fix lrck_period computation for I2S\n justified mode (git-fixes).\n\n - ASoC: tegra20-spdif: remove 'default m' (git-fixes).\n\n - ASoC: ti: davinci-mcasp: remove always zero of\n davinci_mcasp_get_dt_params (git-fixes).\n\n - ASoC: wm8998: Fix PM disable depth imbalance on error\n (git-fixes).\n\n - ASoC: wm_adsp: fix error return code in wm_adsp_load()\n (git-fixes).\n\n - ASoC: wm_adsp: remove 'ctl' from list on error in\n wm_adsp_create_control() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n hci_event_packet() (git-fixes).\n\n - Bluetooth: Fix slab-out-of-bounds read in\n hci_le_direct_adv_report_evt() (git-fixes).\n\n - Bluetooth: btmtksdio: Add the missed release_firmware()\n in mtk_setup_firmware() (git-fixes).\n\n - Bluetooth: btusb: Add the missed release_firmware() in\n btusb_mtk_setup_firmware() (git-fixes).\n\n - Bluetooth: hci_h5: close serdev device and free hu in\n h5_close (git-fixes).\n\n - Bluetooth: hci_h5: fix memory leak in h5_close\n (git-fixes).\n\n - Drop a backported uvcvideo patch that caused a\n regression (bsc#1180117) Also blacklisting the commit\n\n - EDAC/amd64: Do not load on family 0x15, model 0x13\n (bsc#1179763).\n\n - EDAC/amd64: Fix PCI component registration\n (bsc#1152489).\n\n - EDAC/i10nm: Use readl() to access MMIO registers\n (bsc#1152489).\n\n - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD\n NodeId (bsc#1152489).\n\n - HID: Add Logitech Dinovo Edge battery quirk (git-fixes).\n\n - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for\n Gamevice devices (git-fixes).\n\n - HID: add support for Sega Saturn (git-fixes).\n\n - HID: cypress: Support Varmilo Keyboards' media hotkeys\n (git-fixes).\n\n - HID: hid-sensor-hub: Fix issue with devices with no\n report ID (git-fixes).\n\n - HID: i2c-hid: add Vero K147 to descriptor override\n (git-fixes).\n\n - HID: ite: Replace ABS_MISC 120/121 events with touchpad\n on/off keypresses (git-fixes).\n\n - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS\n quirk for the Dinovo Edge (git-fixes).\n\n - HID: uclogic: Add ID for Trust Flex Design Tablet\n (git-fixes).\n\n - HMAT: Register memory-side cache after parsing\n (bsc#1178660).\n\n - HMAT: Skip publishing target info for nodes with no\n online memory (bsc#1178660).\n\n - HSI: omap_ssi: Do not jump to free ID in\n ssi_add_controller() (git-fixes).\n\n - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878).\n\n - IB/hfi1: Remove module parameter for KDETH qpns\n (bsc#1179878).\n\n - IB/isert: Fix unaligned immediate-data handling\n (bsc#1152489)\n\n - IB/mlx4: Add and improve logging (bsc#1152489)\n\n - IB/mlx4: Add support for MRA (bsc#1152489)\n\n - IB/mlx4: Adjust delayed work when a dup is observed\n (bsc#1152489)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux\n (bsc#1152489)\n\n - IB/mthca: fix return value of error branch in\n mthca_init_cq() (bsc#1152489)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1152489)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489)\n\n - IB/uverbs: Set IOVA on IB MR in uverbs layer\n (bsc#1152489)\n\n - Input: ads7846 - fix integer overflow on Rt calculation\n (git-fixes).\n\n - Input: ads7846 - fix race that causes missing releases\n (git-fixes).\n\n - Input: ads7846 - fix unaligned access on 7845\n (git-fixes).\n\n - Input: cm109 - do not stomp on control URB (git-fixes).\n\n - Input: cros_ec_keyb - send 'scancodes' in addition to\n key events (git-fixes).\n\n - Input: cyapa_gen6 - fix out-of-bounds stack access\n (git-fixes).\n\n - Input: goodix - add upside-down quirk for Teclast X98\n Pro tablet (git-fixes).\n\n - Input: i8042 - add Acer laptops to the i8042 reset list\n (git-fixes).\n\n - Input: i8042 - add ByteSpeed touchpad to noloop table\n (git-fixes).\n\n - Input: i8042 - allow insmod to succeed on devices\n without an i8042 controller (git-fixes).\n\n - Input: i8042 - fix error return code in\n i8042_setup_aux() (git-fixes).\n\n - Input: omap4-keypad - fix runtime PM error handling\n (git-fixes).\n\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n\n - KVM: PPC: Book3S HV: XIVE: Fix possible oops when\n accessing ESB page (bsc#1156395).\n\n - Move 'btrfs: qgroup: do not try to wait flushing if\n we're already holding a transaction (bsc#1179575).' to\n sorted section\n\n - Move upstreamed USB-audio patches into sorted section\n\n - PCI: Fix overflow in command-line resource alignment\n requests (git-fixes).\n\n - PCI: Fix pci_slot_release() NULL pointer dereference\n (git-fixes).\n\n - PCI: brcmstb: Initialize 'tmp' before use (git-fixes).\n\n - PCI: iproc: Fix out-of-bound array accesses (git-fixes).\n\n - RDMA/addr: Fix race with\n netevent_callback()/rdma_addr_cancel() (bsc#1152489)\n\n - RDMA/bnxt_re: Do not add user qps to flushlist\n (bsc#1152489)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of\n pbl_tbl. (bsc#1152489)\n\n - RDMA/core: Fix bogus WARN_ON during\n ib_unregister_device_queued() (bsc#1152489)\n\n - RDMA/core: Fix reported speed and width (bsc#1152489)\n\n - RDMA/core: Fix return error value in _ib_modify_qp() to\n negative (bsc#1152489)\n\n - RDMA/core: Free DIM memory in error unwind (bsc#1152489)\n\n - RDMA/core: Stop DIM before destroying CQ (bsc#1152489)\n\n - RDMA/counter: Allow manually bind QPs with different\n pids to same counter (bsc#1152489)\n\n - RDMA/counter: Only bind user QPs in auto mode\n (bsc#1152489)\n\n - RDMA/hns: Add check for the validity of sl configuration\n (bsc#1152489)\n\n - RDMA/hns: Bugfix for memory window mtpt configuration\n (bsc#1152489)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq()\n (bsc#1152489)\n\n - RDMA/hns: Fix missing sq_sig_type when querying QP\n (bsc#1152489)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1152489)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces\n (bsc#1152489)\n\n - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if\n IB_WR_REG_MR can't work (bsc#1152489)\n\n - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw\n QP (bsc#1152489)\n\n - RDMA/pvrdma: Fix missing kfree() in\n pvrdma_register_device() (bsc#1152489)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1152489)\n\n - RDMA/qedr: Fix doorbell setting (bsc#1152489)\n\n - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489)\n\n - RDMA/qedr: Fix inline size returned for iWARP\n (bsc#1152489)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489)\n\n - RDMA/qedr: Fix qp structure memory leak (bsc#1152489)\n\n - RDMA/qedr: Fix resource leak in qedr_create_qp\n (bsc#1152489)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1152489)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1152489)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports\n (bsc#1152489)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489)\n\n - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt()\n (bsc#1152489)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface\n has 15 chars (bsc#1152489)\n\n - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c\n (bsc#1152489)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is\n posted to send queue (bsc#1152489)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489)\n\n - RDMA/rxe: Return void from rxe_init_port_param()\n (bsc#1152489)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma()\n (bsc#1152489)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent\n docstring (bsc#1152489)\n\n - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings\n that cross a page boundary (bsc#1152489)\n\n - RDMA/umem: Prevent small pages from being returned by\n ib_umem_find_best_pgsz() (bsc#1152489)\n\n - Re-import the upstream uvcvideo fix; one more fix will\n be added later (bsc#1180117)\n\n - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to\n terminate resources walks' (git-fixes).\n\n - Revert 'ceph: allow rename operation under different\n quota realms' (bsc#1180541).\n\n - Revert 'geneve: pull IP header before ECN decapsulation'\n (git-fixes).\n\n - Revert 'i2c: i2c-qcom-geni: Fix DMA transfer race'\n (git-fixes).\n\n - Revert 'platform/x86: wmi: Destroy on cleanup rather\n than unregister' (git-fixes).\n\n - Revert 'powerpc/pseries/hotplug-cpu: Remove double free\n in error path' (bsc#1065729).\n\n - USB: UAS: introduce a quirk to set no_write_same\n (git-fixes).\n\n - USB: add RESET_RESUME quirk for Snapscan 1212\n (git-fixes).\n\n - USB: dummy-hcd: Fix uninitialized array use in init()\n (git-fixes).\n\n - USB: gadget: f_acm: add support for SuperSpeed Plus\n (git-fixes).\n\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors\n (git-fixes).\n\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and\n above (git-fixes).\n\n - USB: gadget: legacy: fix return error code in\n acm_ms_bind() (git-fixes).\n\n - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for\n Lenovo A630Z TIO built-in usb-audio card (git-fixes).\n\n - USB: serial: ch341: add new Product ID for CH341A\n (git-fixes).\n\n - USB: serial: ch341: sort device-id entries (git-fixes).\n\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks\n (git-fixes).\n\n - USB: serial: iuu_phoenix: fix DMA from stack\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix dropped unthrottle\n interrupts (git-fixes).\n\n - USB: serial: keyspan_pda: fix stalled writes\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix tx-unthrottle\n use-after-free (git-fixes).\n\n - USB: serial: keyspan_pda: fix write deadlock\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix write unthrottling\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix write-wakeup\n use-after-free (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open\n (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open\n (git-fixes).\n\n - USB: serial: mos7720: fix parallel-port state restore\n (git-fixes).\n\n - USB: serial: option: add Fibocom NL668 variants\n (git-fixes).\n\n - USB: serial: option: add interface-number sanity check\n to flag handling (git-fixes).\n\n - USB: serial: option: add support for Thales Cinterion\n EXS82 (git-fixes).\n\n - USB: serial: option: fix Quectel BG96 matching\n (git-fixes).\n\n - USB: xhci: fix U1/U2 handling for hardware with\n XHCI_INTEL_HOST quirk set (git-fixes).\n\n - USB: yurex: fix control-URB timeout handling\n (git-fixes).\n\n - arm64: acpi: Make apei_claim_sea() synchronise with\n APEI's irq work (jsc#SLE-16610).\n\n - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when\n !CONFIG_ZONE_DMA (git-fixes).\n\n - ath10k: Fix an error handling path (git-fixes).\n\n - ath10k: Release some resources in an error handling path\n (git-fixes).\n\n - ath6kl: fix enum-conversion warning (git-fixes).\n\n - batman-adv: Consider fragmentation for needed_headroom\n (git-fixes).\n\n - batman-adv: Do not always reallocate the fragmentation\n skb head (git-fixes).\n\n - batman-adv: Reserve needed_*room for fragments\n (git-fixes).\n\n - bitmap: remove unused function declaration (git-fixes).\n\n - blk-mq-blk-mq-provide-forced-completion-method.patch:\n (bsc#1175995,jsc#SLE-15608,bsc#1178756).\n\n - blk-mq: Remove 'running from the wrong CPU' warning\n (bsc#1174486).\n\n - block: return status code in blk_mq_end_request()\n (bsc#1171000, bsc#1165933).\n\n - bpf: Fix bpf_put_raw_tracepoint()'s use of\n __module_address() (git-fixes).\n\n - btrfs: add missing check for nocow and compression inode\n flags (bsc#1178780).\n\n - btrfs: allow btrfs_truncate_block() to fallback to nocow\n for data space reservation (bsc#1161099).\n\n - btrfs: delete duplicated words + other fixes in comments\n (bsc#1180566).\n\n - btrfs: do not commit logs and transactions during link\n and rename operations (bsc#1180566).\n\n - btrfs: do not take the log_mutex of the subvolume when\n pinning the log (bsc#1180566).\n\n - btrfs: fix missing delalloc new bit for new delalloc\n ranges (bsc#1180773).\n\n - btrfs: fix readahead hang and use-after-free after\n removing a device (bsc#1179963).\n\n - btrfs: fix use-after-free on readahead extent after\n failure to create it (bsc#1179963).\n\n - btrfs: make btrfs_dirty_pages take btrfs_inode\n (bsc#1180773).\n\n - btrfs: make btrfs_set_extent_delalloc take btrfs_inode\n (bsc#1180773).\n\n - btrfs: qgroup: do not commit transaction when we already\n hold the handle (bsc#1178634).\n\n - btrfs: qgroup: do not try to wait flushing if we're\n already holding a transaction (bsc#1179575).\n\n - bus/fsl_mc: Do not rely on caller to provide non NULL\n mc_io (git-fixes).\n\n - bus: fsl-mc: fix error return code in\n fsl_mc_object_allocate() (git-fixes).\n\n - can: c_can: c_can_power_up(): fix error handling\n (git-fixes).\n\n - can: sja1000: sja1000_err(): do not count arbitration\n lose as an error (git-fixes).\n\n - can: softing: softing_netdev_open(): fix error handling\n (git-fixes).\n\n - can: sun4i_can: sun4i_can_err(): do not count\n arbitration lose as an error (git-fixes).\n\n - cfg80211: initialize rekey_data (git-fixes).\n\n - cifs: Fix an error pointer dereference in cifs_mount()\n (bsc#1178270).\n\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n\n - cifs: allow syscalls to be restarted in\n __smb_send_rqst() (bsc#1176956).\n\n - cifs: do not share tcons with DFS (bsc#1178270).\n\n - cifs: document and cleanup dfs mount (bsc#1178270).\n\n - cifs: ensure correct super block for DFS reconnect\n (bsc#1178270).\n\n - cifs: fix DFS mount with cifsacl/modefromsid\n (bsc#1178270).\n\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n\n - cifs: fix double free error on share and prefix\n (bsc#1178270).\n\n - cifs: fix leaked reference on requeued write\n (bsc#1178270).\n\n - cifs: fix potential use-after-free in\n cifs_echo_request() (bsc#1139944).\n\n - cifs: fix uninitialised lease_key in open_shroot()\n (bsc#1178270).\n\n - cifs: get rid of unused parameter in\n reconn_setup_dfs_targets() (bsc#1178270).\n\n - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in\n reconnect (bsc#1178270).\n\n - cifs: handle empty list of targets in cifs_reconnect()\n (bsc#1178270).\n\n - cifs: handle hostnames that resolve to same ip in\n failover (bsc#1178270).\n\n - cifs: merge __(cifs,smb2)_reconnect[_tcon]() into\n cifs_tree_connect() (bsc#1178270).\n\n - cifs: only update prefix path of DFS links in\n cifs_tree_connect() (bsc#1178270).\n\n - cifs: reduce number of referral requests in DFS link\n lookups (bsc#1178270).\n\n - cifs: rename reconn_inval_dfs_target() (bsc#1178270).\n\n - cifs: set up next DFS target before generic_ip_connect()\n (bsc#1178270).\n\n - clk: at91: sam9x60: remove atmel,osc-bypass support\n (git-fixes).\n\n - clk: ingenic: Fix divider calculation with div tables\n (git-fixes).\n\n - clk: mediatek: Make mtk_clk_register_mux() a static\n function (git-fixes).\n\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9\n (git-fixes).\n\n - clk: renesas: r9a06g032: Drop __packed for portability\n (git-fixes).\n\n - clk: s2mps11: Fix a resource leak in error handling\n paths in the probe function (git-fixes).\n\n - clk: sunxi-ng: Make sure divider tables have sentinel\n (git-fixes).\n\n - clk: tegra: Do not return 0 on failure (git-fixes).\n\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n\n - clk: ti: Fix memleak in ti_fapll_synth_setup\n (git-fixes).\n\n - clocksource/drivers/arm_arch_timer: Correct fault\n programming of CNTKCTL_EL1.EVNTI (git-fixes).\n\n - clocksource/drivers/arm_arch_timer: Use stable count\n reader in erratum sne (git-fixes).\n\n - clocksource/drivers/cadence_ttc: Fix memory leak in\n ttc_setup_clockevent() (git-fixes).\n\n - clocksource/drivers/orion: Add missing\n clk_disable_unprepare() on error path (git-fixes).\n\n - compiler_attributes.h: Add 'fallthrough' pseudo keyword\n for switch/case use (bsc#1178203).\n\n - coredump: fix core_pattern parse error (git-fixes).\n\n - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - cpufreq: loongson1: Add missing MODULE_ALIAS\n (git-fixes).\n\n - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - cpufreq: vexpress-spc: Add missing MODULE_ALIAS\n (git-fixes).\n\n - crypto: af_alg - avoid undefined behavior accessing\n salg_name (git-fixes).\n\n - crypto: atmel-i2c - select CONFIG_BITREVERSE\n (git-fixes).\n\n - crypto: crypto4xx - Replace bitwise OR with logical OR\n in crypto4xx_build_pd (git-fixes).\n\n - crypto: ecdh - avoid buffer overflow in\n ecdh_set_secret() (git-fixes).\n\n - crypto: ecdh - avoid unaligned accesses in\n ecdh_set_secret() (git-fixes).\n\n - crypto: inside-secure - Fix sizeof() mismatch\n (git-fixes).\n\n - crypto: omap-aes - Fix PM disable depth imbalance in\n omap_aes_probe (git-fixes).\n\n - crypto: qat - fix status check in\n qat_hal_put_rel_rd_xfer() (git-fixes).\n\n - crypto: sun4i-ss - add the A33 variant of SS\n (git-fixes).\n\n - crypto: talitos - Endianess in current_desc_hdr()\n (git-fixes).\n\n - crypto: talitos - Fix return type of current_desc_hdr()\n (git-fixes).\n\n - cw1200: fix missing destroy_workqueue() on error in\n cw1200_init_common (git-fixes).\n\n - dmaengine: at_hdmac: Substitute kzalloc with kmalloc\n (git-fixes).\n\n - dmaengine: at_hdmac: add missing kfree() call in\n at_dma_xlate() (git-fixes).\n\n - dmaengine: at_hdmac: add missing put_device() call in\n at_dma_xlate() (git-fixes).\n\n - dmaengine: dw-edma: Fix use after free in\n dw_edma_alloc_chunk() (git-fixes).\n\n - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in\n the error handling path of the probe function\n (git-fixes).\n\n - dmaengine: mv_xor_v2: Fix error return code in\n mv_xor_v2_probe() (git-fixes).\n\n - dmaengine: xilinx_dma: check dma_async_device_register\n return value (git-fixes).\n\n - dmaengine: xilinx_dma: fix incompatible param warning in\n _child_probe() (git-fixes).\n\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity\n warning (git-fixes).\n\n - drivers: soc: ti: knav_qmss_queue: Fix error return code\n in knav_queue_probe (git-fixes).\n\n - drm/amd/display: Fix wrong return value in\n dm_update_plane_state() (bsc#1152489)\n\n - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489)\n Backporting changes: 	* context fixes\n\n - drm/crc-debugfs: Fix memleak in crc_control_write\n (bsc#1152472)\n\n - drm/gma500: fix error check (bsc#1152472) Backporting\n changes: 	* context fixes\n\n - drm/i915/gem: Avoid implicit vmap for highmem on x86-32\n (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/i915: Fix sha_text population code (bsc#1152489)\n Backporting changes: 	* context fixes 	* adapted\n I/O functions to old driver\n\n - drm/imx: tve remove extraneous type qualifier\n (bsc#1152489)\n\n - drm/mediatek: Add exception handing in mtk_drm_probe()\n if component (bsc#1152472)\n\n - drm/mediatek: Add missing put_device() call in\n (bsc#1152472)\n\n - drm/mediatek: Add missing put_device() call in\n mtk_drm_kms_init() (bsc#1152472) Backporting changes:\n 	* context fixes 	* adapted to function layout\n\n - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check()\n (bsc#1152489)\n\n - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds()\n (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/panfrost: Ensure GPU quirks are always initialised\n (bsc#1152489)\n\n - drm/panfrost: increase readl_relaxed_poll_timeout values\n (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm/radeon: Prefer lower feedback dividers (bsc#1152489)\n\n - drm/sun4i: sun8i-csc: Secondary CSC register correction\n (bsc#1152489)\n\n - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489)\n\n - drm/vc4: crtc: Rework a bit the CRTC state code\n (bsc#1152472) Backporting changes: 	* context fixes\n\n - drm/vc4: hdmi: Avoid sleeping in atomic context\n (bsc#1152489) Backporting changes: 	* context fixes\n\n - drm/vkms: fix xrgb on compute crc (bsc#1152472)\n Backporting changes: 	* changed filename from\n vkms_composer.c to vkms_crc.c 	* context fixes\n\n - drm: mxsfb: Remove fbdev leftovers (bsc#1152472)\n Backporting changes: 	* context fixes\n\n - drm: mxsfb: check framebuffer pitch (bsc#1152472)\n Backporting changes: 	* context fixes\n\n - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel\n (bsc#1152489)\n\n - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC\n panel (bsc#1152472) Backporting changes: 	* context\n fixes\n\n - drm: rcar-du: Put reference to VSP device (bsc#1152489)\n\n - epoll: Keep a reference on files added to the check list\n (bsc#1180031).\n\n - ethtool: fix error handling in ethtool_phys_id\n (git-fixes).\n\n - ext4: correctly report 'not supported' for\n (usr,grp)jquota when !CONFIG_QUOTA (bsc#1179672).\n\n - ext4: fix bogus warning in ext4_update_dx_flag()\n (bsc#1179716).\n\n - ext4: fix leaking sysfs kobject after failed mount\n (bsc#1179670).\n\n - ext4: limit entries returned when counting fsmap records\n (bsc#1179671).\n\n - ext4: unlock xattr_sem properly in\n ext4_inline_data_truncate() (bsc#1179673).\n\n - extcon: max77693: Fix modalias string (git-fixes).\n\n - fail_function: Remove a redundant mutex unlock\n (bsc#1149032).\n\n - fbcon: Remove the superfluous break (bsc#1152472)\n\n - firmware: arm_sdei: Document the motivation behind these\n set_fs() calls (jsc#SLE-16610).\n\n - fix regression in 'epoll: Keep a reference on files\n added to the check list' (bsc#1180031, git-fixes).\n\n - fs/minix: check return value of sb_getblk()\n (bsc#1179676).\n\n - fs/minix: do not allow getting deleted inodes\n (bsc#1179677).\n\n - fs/minix: fix block limit check for V1 filesystems\n (bsc#1179680).\n\n - fs/minix: reject too-large maximum file size\n (bsc#1179678).\n\n - fs/minix: remove expected error message in\n block_to_path() (bsc#1179681).\n\n - fs/minix: set s_maxbytes correctly (bsc#1179679).\n\n - fs/ufs: avoid potential u32 multiplication overflow\n (bsc#1179682).\n\n - fs: Do not invalidate page buffers in\n block_write_full_page() (bsc#1179711).\n\n - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).\n\n - geneve: pull IP header before ECN decapsulation\n (git-fixes).\n\n - genirq/irqdomain: Add an irq_create_mapping_affinity()\n function (bsc#1065729).\n\n - genirq/matrix: Deal with the sillyness of for_each_cpu()\n on UP (bsc#1156315).\n\n - gpio: mvebu: fix potential user-after-free on probe\n (git-fixes).\n\n - gpio: mvebu: update Armada XP per-CPU comment\n (git-fixes).\n\n - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being\n properly terminated (git-fixes).\n\n - i2c: qup: Fix error return code in\n qup_i2c_bam_schedule_desc() (git-fixes).\n\n - i2c: sprd: use a specific timeout to avoid system hang\n up issue (git-fixes).\n\n - i3c master: fix missing destroy_workqueue() on error in\n i3c_master_register (git-fixes).\n\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767\n ltc#155231 git-fixes).\n\n - ibmvnic: continue fatal error reset after passive init\n (bsc#1171078 ltc#184239 git-fixes).\n\n - ibmvnic: delay next reset if hard reset fails\n (bsc#1094840 ltc#167098 git-fixes).\n\n - ibmvnic: enhance resetting status check during module\n exit (bsc#1065729).\n\n - ibmvnic: fix NULL pointer dereference in\n reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).\n\n - ibmvnic: fix call_netdevice_notifiers in do_reset\n (bsc#1115431 ltc#171853 git-fixes).\n\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767\n ltc#155231 git-fixes).\n\n - ibmvnic: notify peers when failover and migration happen\n (bsc#1044120 ltc#155423 git-fixes).\n\n - ibmvnic: restore adapter state on failed reset\n (bsc#1152457 ltc#174432 git-fixes).\n\n - iio: adc: rockchip_saradc: fix missing\n clk_disable_unprepare() on error in\n rockchip_saradc_resume (git-fixes).\n\n - iio: buffer: Fix demux update (git-fixes).\n\n - iio:adc:ti-ads124s08: Fix alignment and data leak issues\n (git-fixes).\n\n - iio:adc:ti-ads124s08: Fix buffer being too long\n (git-fixes).\n\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n\n - iio:light:rpr0521: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:light:st_uvis25: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magnetometer:mag3110: Fix alignment and data leak\n issues (git-fixes).\n\n - iio:pressure:mpl3115: Force alignment of buffer\n (git-fixes).\n\n - inet_ecn: Fix endianness of checksum update when setting\n ECT(1) (git-fixes).\n\n - iomap: Clear page error before beginning a write\n (bsc#1179683).\n\n - iomap: Mark read blocks uptodate in write_begin\n (bsc#1179684).\n\n - iomap: Set all uptodate bits for an Uptodate page\n (bsc#1179685).\n\n -\n iommu-amd-Increase-interrupt-remapping-table-limit-t.pat\n ch: (bsc#1179652).\n\n - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs\n (bsc#1179652).\n\n - iwlwifi: mvm: fix kernel panic in case of assert during\n CSA (git-fixes).\n\n - iwlwifi: mvm: hook up missing RX handlers (git-fixes).\n\n - iwlwifi: pcie: add one missing entry for AX210\n (git-fixes).\n\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n\n - jbd2: fix up sparse warnings in checkpoint code\n (bsc#1179707).\n\n - kABI workaround for HD-audio generic parser (git-fixes).\n\n - kABI workaround for USB audio driver (bsc#1178203).\n\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n\n - kdb: Fix pager search for multi-line strings\n (git-fixes).\n\n - kernel/cpu: add arch override for\n clear_tasks_mm_cpumask() mm handling (bsc#1055117\n ltc#159753 git-fixes bsc#1179888 ltc#190253).\n\n - kgdb: Drop malformed kernel doc comment (git-fixes).\n\n - lan743x: fix for potential NULL pointer dereference with\n bare card (git-fixes).\n\n - lib/string: remove unnecessary #undefs (git-fixes).\n\n - libfs: fix error cast of negative value in\n simple_attr_write() (bsc#1179709).\n\n - locking/percpu-rwsem: Use this_cpu_(inc,dec)() for\n read_count (bsc#1149032).\n\n - mac80211: do not set set TDLS STA bandwidth wider than\n possible (git-fixes).\n\n - mac80211: mesh: fix mesh_pathtbl_init() error path\n (git-fixes).\n\n - md-cluster: fix rmmod issue when md_cluster convert\n bitmap to none (bsc#1163727).\n\n - md-cluster: fix safemode_delay value when converting to\n clustered bitmap (bsc#1163727).\n\n - md-cluster: fix wild pointer of unlock_all_bitmaps()\n (bsc#1163727).\n\n - md/bitmap: fix memory leak of temporary bitmap\n (bsc#1163727).\n\n - md/bitmap: md_bitmap_get_counter returns wrong blocks\n (bsc#1163727).\n\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks\n (bsc#1163727).\n\n - md/cluster: block reshape with remote resync job\n (bsc#1163727).\n\n - md/cluster: fix deadlock when node is doing resync job\n (bsc#1163727).\n\n - media: gp8psk: initialize stats at power control logic\n (git-fixes).\n\n - media: gspca: Fix memory leak in probe (git-fixes).\n\n - media: imx214: Fix stop streaming (git-fixes).\n\n - media: ipu3-cio2: Make the field on subdev format\n V4L2_FIELD_NONE (git-fixes).\n\n - media: ipu3-cio2: Remove traces of returned buffers\n (git-fixes).\n\n - media: ipu3-cio2: Return actual subdev format\n (git-fixes).\n\n - media: ipu3-cio2: Serialise access to pad format\n (git-fixes).\n\n - media: ipu3-cio2: Validate mbus format in setting subdev\n format (git-fixes).\n\n - media: max2175: fix max2175_set_csm_mode() error code\n (git-fixes).\n\n - media: msi2500: assign SPI bus number dynamically\n (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_init_dec_pm() (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_init_enc_pm() (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_release_dec_pm() (git-fixes).\n\n - media: saa7146: fix array overflow in vidioc_s_audio()\n (git-fixes).\n\n - media: siano: fix memory leak of debugfs members in\n smsdvb_hotplug (git-fixes).\n\n - media: solo6x10: fix missing snd_card_free in error\n handling case (git-fixes).\n\n - media: sunxi-cir: ensure IR is handled when it is\n continuous (git-fixes).\n\n - media: tm6000: Fix sizeof() mismatches (git-fixes).\n\n - media: uvcvideo: Accept invalid bFormatIndex and\n bFrameIndex values (bsc#1180117).\n\n - memstick: fix a double-free bug in memstick_check\n (git-fixes).\n\n - memstick: r592: Fix error return in r592_probe()\n (git-fixes).\n\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n\n - misc: vmw_vmci: fix kernel info-leak by initializing\n dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).\n\n - mm,memory_failure: always pin the page in\n madvise_inject_error (bsc#1180258).\n\n - mm/error_inject: Fix allow_error_inject function\n signatures (bsc#1179710).\n\n - mm/memory-failure: Add memory_failure_queue_kick()\n (jsc#SLE-16610).\n\n - mm/memory_hotplug: shrink zones when offlining memory\n (bsc#1177679).\n\n - mm/userfaultfd: do not access vma->vm_mm after calling\n handle_userfault() (bsc#1179204).\n\n - mm: memcg: fix memcg reclaim soft lockup (VM\n Functionality, bsc#1180056).\n\n - mmc: block: Fixup condition for CMD13 polling for RPMB\n requests (git-fixes).\n\n - mmc: pxamci: Fix error return code in pxamci_probe\n (git-fixes).\n\n - mtd: rawnand: gpmi: Fix the random DMA timeout issue\n (git-fixes).\n\n - mtd: rawnand: gpmi: fix reference count leak in gpmi ops\n (git-fixes).\n\n - mtd: rawnand: meson: Fix a resource leak in init\n (git-fixes).\n\n - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release()\n arguments (git-fixes).\n\n - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS\n register read (git-fixes).\n\n - mtd: spinand: Fix OOB read (git-fixes).\n\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset\n failure (git-fixes).\n\n - net/x25: prevent a couple of overflows (bsc#1178590).\n\n - net: sctp: Rename fallthrough label to unhandled\n (bsc#1178203).\n\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n\n - nvme-fabrics: allow to queue requests for live queues\n (git-fixes).\n\n - nvme-fabrics: do not check state NVME_CTRL_NEW for\n request acceptance (bsc#1179519).\n\n - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios\n from interrupt context (bsc#1177326).\n\n - nvme-fc: cancel async events before freeing event struct\n (git-fixes).\n\n - nvme-fc: eliminate terminate_io use by\n nvme_fc_error_recovery (bsc#1177326).\n\n - nvme-fc: fix error loop in create_hw_io_queues\n (git-fixes).\n\n - nvme-fc: fix io timeout to abort I/O (bsc#1177326).\n\n - nvme-fc: remove err_work work item (bsc#1177326).\n\n - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326).\n\n - nvme-fc: shorten reconnect delay if possible for FC\n (git-fixes).\n\n - nvme-fc: track error_recovery while connecting\n (bsc#1177326).\n\n - nvme-fc: wait for queues to freeze before calling\n (git-fixes).\n\n - nvme-force-complete-cancelled-requests.patch:\n (bsc#1175995,bsc#1178756,jsc#SLE-15608). Without this we\n can end up with a series of nvme QID timeouts,\n regardless of filesystem when fstests is used or any\n error injection mechanism is used. Without this fix, we\n end up with 9 failures on xfs, but due to its generic\n nature, will likely end up with other failures on other\n filesystems. This does not allow a clean slate reliable\n fstests run. This fixes that issue. Through code\n inspection I found these changes were already present on\n SLE15-SP3 but not on SLE15-SP2.\n\n - nvme-multipath: fix bogus request queue reference put\n (bsc#1175389).\n\n - nvme-multipath: fix deadlock between ana_work and\n scan_work (git-fixes).\n\n - nvme-multipath: fix deadlock due to head->lock\n (git-fixes).\n\n - nvme-pci: properly print controller address (git-fixes).\n\n - nvme-rdma: avoid race between time out and tear down\n (bsc#1179519).\n\n - nvme-rdma: avoid repeated request completion\n (bsc#1179519).\n\n - nvme-rdma: cancel async events before freeing event\n struct (git-fixes).\n\n - nvme-rdma: fix controller reset hang during traffic\n (bsc#1179519).\n\n - nvme-rdma: fix reset hang if controller died in the\n middle of a reset (bsc#1179519).\n\n - nvme-rdma: fix timeout handler (bsc#1179519).\n\n - nvme-rdma: handle unexpected nvme completion data length\n (bsc#1178612).\n\n - nvme-rdma: serialize controller teardown sequences\n (bsc#1179519).\n\n - nvme-tcp: avoid race between time out and tear down\n (bsc#1179519).\n\n - nvme-tcp: avoid repeated request completion\n (bsc#1179519).\n\n - nvme-tcp: avoid scheduling io_work if we are already\n polling (bsc#1179519).\n\n - nvme-tcp: break from io_work loop if recv failed\n (bsc#1179519).\n\n - nvme-tcp: cancel async events before freeing event\n struct (git-fixes).\n\n - nvme-tcp: do not poll a non-live queue (bsc#1179519).\n\n - nvme-tcp: fix controller reset hang during traffic\n (bsc#1179519).\n\n - nvme-tcp: fix possible crash in recv error flow\n (bsc#1179519).\n\n - nvme-tcp: fix possible leakage during error flow\n (git-fixes).\n\n - nvme-tcp: fix reset hang if controller died in the\n middle of a reset (bsc#1179519).\n\n - nvme-tcp: fix timeout handler (bsc#1179519).\n\n - nvme-tcp: have queue prod/cons send list become a llist\n (bsc#1179519).\n\n - nvme-tcp: leverage request plugging (bsc#1179519).\n\n - nvme-tcp: move send failure to nvme_tcp_try_send\n (bsc#1179519).\n\n - nvme-tcp: optimize network stack with setting msg flags\n (bsc#1179519).\n\n - nvme-tcp: optimize queue io_cpu assignment for multiple\n queue (git-fixes).\n\n - nvme-tcp: serialize controller teardown sequences\n (bsc#1179519).\n\n - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we\n have (bsc#1179519).\n\n - nvme-tcp: try to send request in queue_rq context\n (bsc#1179519).\n\n - nvme-tcp: use bh_lock in data_ready (bsc#1179519).\n\n - nvme: Revert: Fix controller creation races with\n teardown (git-fixes).\n\n - nvme: do not protect ns mutation with ns->head->lock\n (git-fixes).\n\n - nvme: have nvme_wait_freeze_timeout return if it timed\n out (bsc#1179519).\n\n - nvme: introduce nvme_sync_io_queues (bsc#1179519).\n\n - nvmet-fc: fix missing check for no hostport struct\n (bsc#1176942).\n\n - nvmet-tcp: fix maxh2cdata icresp parameter\n (bsc#1179892).\n\n - ocfs2: fix unbalanced locking (bsc#1180506).\n\n - orinoco: Move context allocation after processing the\n skb (git-fixes).\n\n - pinctrl: amd: remove debounce filter setting in IRQ type\n setting (git-fixes).\n\n - pinctrl: aspeed: Fix GPIO requests on pass-through banks\n (git-fixes).\n\n - pinctrl: baytrail: Avoid clearing debounce value when\n turning it off (git-fixes).\n\n - pinctrl: falcon: add missing put_device() call in\n pinctrl_falcon_probe() (git-fixes).\n\n - pinctrl: merrifield: Set default bias in case no\n particular value given (git-fixes).\n\n - platform/chrome: cros_ec_spi: Do not overwrite spi::mode\n (git-fixes).\n\n - platform/x86: acer-wmi: add automatic keyboard\n background light toggle key as KEY_LIGHTS_TOGGLE\n (git-fixes).\n\n - platform/x86: dell-smbios-base: Fix error return code in\n dell_smbios_init (git-fixes).\n\n - platform/x86: intel-vbtn: Allow switch events on Acer\n Switch Alpha 12 (git-fixes).\n\n - platform/x86: intel-vbtn: Support for tablet mode on HP\n Pavilion 13 x360 PC (git-fixes).\n\n - platform/x86: mlx-platform: Fix item counter assignment\n for MSN2700, MSN24xx systems (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from\n MSN274x platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from\n default platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: remove an unused variable\n (git-fixes).\n\n - platform/x86: thinkpad_acpi: Add BAT1 is primary battery\n quirk for Thinkpad Yoga 11e 4th gen (git-fixes).\n\n - platform/x86: thinkpad_acpi: Do not report\n SW_TABLET_MODE on Yoga 11e (git-fixes).\n\n - platform/x86: touchscreen_dmi: Add info for the Irbis\n TW118 tablet (git-fixes).\n\n - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI\n matching (git-fixes).\n\n - power: supply: bq24190_charger: fix reference leak\n (git-fixes).\n\n - powerpc/64: Set up a kernel stack for secondaries before\n cpu_restore() (bsc#1065729).\n\n - powerpc/64s/powernv: Fix memory corruption when saving\n SLB entries on MCE (jsc#SLE-9246 git-fixes).\n\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for\n guest kernels (bsc#1179888 ltc#190253).\n\n - powerpc/64s: Fix allnoconfig build since uaccess flush\n (bsc#1177666 git-fixes).\n\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction\n generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888\n ltc#190253).\n\n - powerpc/64s: Trim offlined CPUs from mm_cpumasks\n (bsc#1055117 ltc#159753 git-fixes bsc#1179888\n ltc#190253).\n\n - powerpc/bitops: Fix possible undefined behaviour with\n fls() and fls64() (bsc#1156395).\n\n - powerpc/eeh_cache: Fix a possible debugfs deadlock\n (bsc#1156395).\n\n - powerpc/numa: Fix a regression on memoryless node 0\n (bsc#1179639 ltc#189002).\n\n - powerpc/pci: Remove LSI mappings on device teardown\n (bsc#1172145 ltc#184630).\n\n - powerpc/perf: Fix crash with is_sier_available when pmu\n is not set (bsc#1179578 ltc#189313).\n\n - powerpc/pseries/hibernation: remove redundant cacheinfo\n update (bsc#1138374 ltc#178199 git-fixes).\n\n - powerpc/pseries: Pass MSI affinity to\n irq_create_mapping() (bsc#1065729).\n\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695\n ltc#171067 git-fixes).\n\n - powerpc/xmon: Change printk() to pr_cont()\n (bsc#1065729).\n\n - powerpc: Avoid broken GCC __attribute__((optimize))\n (bsc#1156395).\n\n - powerpc: Fix incorrect stw(, ux, u, x) instructions in\n __set_pte_at (bsc#1065729).\n\n - pwm: lp3943: Dynamically allocate PWM chip base\n (git-fixes).\n\n - pwm: zx: Add missing cleanup in error path (git-fixes).\n\n - qede: Notify qedr when mtu has changed (bsc#1152489)\n\n - qtnfmac: fix error return code in qtnf_pcie_probe()\n (git-fixes).\n\n - quota: clear padding in v2r1_mem2diskdqb()\n (bsc#1179714).\n\n - r8169: work around power-saving bug on some chip\n versions (git-fixes).\n\n - regmap: Remove duplicate `type` field from regmap\n `regcache_sync` trace event (git-fixes).\n\n - regmap: debugfs: Fix a memory leak when calling\n regmap_attach_dev (git-fixes).\n\n - regmap: debugfs: Fix a reversed if statement in\n regmap_debugfs_init() (git-fixes).\n\n - regulator: axp20x: Fix DLDO2 voltage control register\n mask for AXP22x (git-fixes).\n\n - regulator: mcp16502: add linear_min_sel (git-fixes).\n\n - reiserfs: Fix oops during mount (bsc#1179715).\n\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n\n - remoteproc: q6v5-mss: fix error handling in\n q6v5_pds_enable (git-fixes).\n\n - remoteproc: qcom: Fix potential NULL dereference in\n adsp_init_mmio() (git-fixes).\n\n - remoteproc: qcom: fix reference leak in adsp_start\n (git-fixes).\n\n - rsi: fix error return code in rsi_reset_card()\n (git-fixes).\n\n - rtc: ep93xx: Fix NULL pointer dereference in\n ep93xx_rtc_read_time (git-fixes).\n\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n\n - rtc: pl031: fix resource leak in pl031_probe\n (git-fixes).\n\n - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init\n (git-fixes).\n\n - rtw88: debug: Fix uninitialized memory in debugfs code\n (git-fixes).\n\n - s390/cpuinfo: show processor physical address\n (git-fixes).\n\n - s390/pci: fix CPU address in MSI for directed IRQ\n (git-fixes).\n\n - s390/qeth: delay draining the TX buffers (git-fixes).\n\n - s390/qeth: fix af_iucv notification race (git-fixes).\n\n - s390/qeth: fix tear down of async TX buffers\n (git-fixes).\n\n - s390/qeth: make af_iucv TX notification call more robust\n (bsc#1179604 LTC#190151).\n\n - s390: add 3f program exception handler (git-fixes).\n\n - samples/bpf: Remove unused test_ipip.sh (bsc#1155518).\n\n - samples: bpf: Refactor test_cgrp2_sock2 program with\n libbpf (bsc#1155518).\n\n - sched/fair: Check for idle core in wake_affine (git\n fixes (sched)).\n\n - sched/fair: Fix overutilized update in\n enqueue_task_fair() (git-fixes)\n\n - sched/fair: Fix race between runtime distribution and\n (git-fixes)\n\n - sched/fair: Fix wrong cpu selecting from isolated domain\n (git-fixes)\n\n - sched/fair: Refill bandwidth before scaling (git-fixes)\n\n - sched: correct SD_flags returned by tl->sd_flags()\n (git-fixes)\n\n - scsi: Remove unneeded break statements (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: core: Fix VPD LUN ID designator priorities\n (bsc#1178049).\n\n - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning\n (bsc#1165933, bsc#1171000).\n\n - scsi: fnic: Avoid looping in TRANS ETH on unload\n (bsc#1175079).\n\n - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG()\n (bsc#1175079).\n\n - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG()\n (bsc#1175079).\n\n - scsi: fnic: Set scsi_set_resid() only for underflow\n (bsc#1175079).\n\n - scsi: fnic: Validate io_req before others (bsc#1175079).\n\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and\n SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Convert SCSI path to use common I/O\n submission path (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4\n handlers (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Correct null ndlp reference on routine exit\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Drop nodelist reference on error in\n lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Enable common send_io interface for SCSI and\n NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Enable common wqe_template support for both\n SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Enlarge max_sectors in scsi host templates\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor\n for additional events (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in\n pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Fix NPIV Fabric Node reference counting\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix duplicate wq_create_version check\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix fall-through warnings for Clang\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not\n supported (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Fix invalid sleeping context in\n lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix missing prototype for\n lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix missing prototype warning for\n lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix pointer defereference before it is null\n checked issue (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Fix refcounting around SCSI and NVMe\n transport APIs (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Fix removal of SCSI transport device get and\n put on dev structure (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix scheduling call while in softirq context\n in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Fix set but not used warnings from Rework\n remote port lock handling (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix set but unused variables in\n lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't'\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Fix variable 'vport' set but not used in\n lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Refactor WQE structure definitions for\n common use (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Reject CT request for MIB commands\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove dead code on second !ndlp check\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI\n ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Remove unneeded variable 'status' in\n lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Removed unused macros in lpfc_attr.c\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Rework locations of ndlp reference taking\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Rework remote port lock handling\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Rework remote port ref counting and node\n freeing (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect\n state while dropping it (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update changed file copyrights for 2020\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: Use generic power management (bsc#1175480\n bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for\n redefined functions (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc\n misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: lpfc_bsg: Provide correct documentation for\n a bunch of functions (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function\n documentation issues (bsc#1175480 bsc#1176396\n bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related\n issues (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba'\n (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).\n\n - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and\n doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc\n issues (bsc#1175480 bsc#1176396 bsc#1176942\n bsc#1177500).\n\n - scsi: mpt3sas: A small correction in\n _base_process_reply_queue (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Add bypass_dirty_port_flag parameter\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Add functions to check if any cmd is\n outstanding on Target and LUN (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Add module parameter multipath_on_hba\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Allocate memory for hba_port objects\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Bump driver version to 35.101.00.00\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Cancel the running work during host reset\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Capture IOC data for debugging purposes\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Detect tampered Aero and Sea adapters\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Disable DIF when prot_mask set to zero\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Do not call disable_irq from IRQ poll\n handler (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Do not change the DMA coherent mask after\n allocations (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Dump system registers for debugging\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Fix error returns in BRM_status_show\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix memset() in non-RDPQ mode\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix reply queue count in non RDPQ mode\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix set but unused variable\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Get device objects using sas_address &\n portID (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Get sas_device objects using device's\n rphy (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G\n region (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Handle vSES vphy object during HBA reset\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Memset config_cmds.reply buffer with\n zeros (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Postprocessing of target and LUN reset\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rearrange\n _scsih_mark_responding_sas_device() (jsc#SLE-16914,\n bsc#1177733).\n\n - scsi: mpt3sas: Remove NULL check before freeing function\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Remove pci-dma-compat wrapper API\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Remove superfluous memset()\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rename and export interrupt mask/unmask\n functions (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rename function name is_MSB_are_same\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Rename\n transport_del_phy_from_an_existing_port()\n (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Separate out RDPQ allocation to new\n function (jsc#SLE-16914, bsc#1177733).\n\n - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough\n (jsc#SLE-16914, bsc#1177733).\
CVE-2020-36158
