DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-36312", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-36312", "description": "An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.", "published": "2021-04-07T00:15:00", "modified": "2021-04-13T18:30:00", "epss": [{"cve": "CVE-2020-36312", "epss": 0.00044, "percentile": 0.10293, "modified": "2023-12-03"}], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36312", "reporter": "cve@mitre.org", "references": ["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10"], "cvelist": ["CVE-2020-36312"], "immutableFields": [], "lastseen": "2023-12-03T16:04:13", "viewCount": 188, "enchantments": {"dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-36312"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-4356.NASL", "CENTOS8_RHSA-2021-4140.NASL", "CENTOS8_RHSA-2021-4356.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-2051.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2183.NASL", "EULEROS_SA-2021-2272.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-579.NASL", "OPENSUSE-2021-758.NASL", "REDHAT-RHSA-2021-4140.NASL", "REDHAT-RHSA-2021-4356.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-1572-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1595-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL"]}, {"type": "prion", "idList": ["PRION:CVE-2020-36312"]}, {"type": "redhat", "idList": ["RHSA-2021:4140", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:5137"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-36312"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-36312"]}, {"type": "veracode", "idList": ["VERACODE:30640"]}]}, "score": {"value": 5.7, "uncertanity": 0.5, "vector": "NONE"}, "twitter": {"counter": 6, "modified": "2021-04-14T11:29:21", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1382046034327703554", "text": " NEW: CVE-2020-36312 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. Severity: MEDIUM https://t.co/v3IBypj2xL?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1382046034327703554", "text": " NEW: CVE-2020-36312 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. Severity: MEDIUM https://t.co/v3IBypj2xL?amp=1"}, {"link": "https://twitter.com/vigilance_fr/status/1383014569908523008", "text": "Vigil@nce /hashtag/Vuln\u00e9rabilit\u00e9?src=hashtag_click de Noyau Linux : fuite m\u00e9moire via kvm_io_bus_unregister_dev. https://t.co/s6F9fPYV7N?amp=1 R\u00e9f\u00e9rences : /hashtag/CVE?src=hashtag_click-2020-36312. /hashtag/veille?src=hashtag_click"}, {"link": "https://twitter.com/www_sesin_at/status/1383247764763467790", "text": "New post from https://t.co/9KYxtdHHVL?amp=1 (CVE-2020-36312 (linux_kernel)) has been published on https://t.co/1ovTiN8WZO?amp=1"}, {"link": "https://twitter.com/vigilance_en/status/1383014573670813696", "text": "Vigil@nce /hashtag/Vulnerability?src=hashtag_click of Linux kernel: memory leak via kvm_io_bus_unregister_dev. https://t.co/eFsnfxTLwq?amp=1 Identifiers: /hashtag/CVE?src=hashtag_click-2020-36312. /hashtag/watch?src=hashtag_click"}, {"link": "https://twitter.com/WolfgangSesin/status/1383247862566293513", "text": "New post from https://t.co/uXvPWJPHkR?amp=1 (CVE-2020-36312 (linux_kernel)) has been published on https://t.co/JQ92zVhMN6?amp=1"}]}, "backreferences": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-36312"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2020-36312/"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-2183.NASL", "OPENSUSE-2021-1977.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:4140"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-36312"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-36312"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}]}, "epss": [{"cve": "CVE-2020-36312", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}], "short_description": "Issue in Linux kernel before 5.8.10 with memory leak in kvm_io_bus_unregister_de", "tags": ["linux kernel", "kernel issue", "memory leak", "cve-2020-36312", "nvd", "virt/kvm/kvm_main"], "vulnersScore": 5.7}, "_state": {"dependencies": 1701620241, "score": 1701619518, "affected_software_major_version": 0, "epss": 0, "chatgpt": 0}, "_internal": {"score_hash": "f7bf0c2110a6cdfa21516c695da61af2", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "mitre", "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-401"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.8.10", "operator": "lt", "name": "linux linux kernel"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.8.10:*:*:*:*:*:*:*", "versionEndExcluding": "5.8.10", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10", "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"]}], "product_info": [{"vendor": "Linux", "product": "Linux_kernel"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "2021-04-06T00:00:00"}

{"prion": [{"lastseen": "2023-11-22T01:39:01", "description": "An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-07T00:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36312"], "modified": "2021-04-13T18:30:00", "id": "PRION:CVE-2020-36312", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-36312", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:57:03", "description": "linux-oracle:focal is vulnerable to denial of service. An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-24T09:20:03", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36312"], "modified": "2022-04-19T18:44:51", "id": "VERACODE:30640", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30640/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-05T14:01:07", "description": "An issue was discovered in the Linux kernel before 5.8.10.\nvirt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a\nkmalloc failure, aka CID-f65886606c2d.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-07T00:00:00", "type": "ubuntucve", "title": "CVE-2020-36312", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36312"], "modified": "2021-04-07T00:00:00", "id": "UB:CVE-2020-36312", "href": "https://ubuntu.com/security/CVE-2020-36312", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-12-04T11:40:05", "description": "A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur in kvm_io_bus_unregister_dev() upon a kmalloc failure. The highest threat from this vulnerability is to system availability.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-09T17:16:37", "type": "redhatcve", "title": "CVE-2020-36312", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36312"], "modified": "2023-07-08T02:11:16", "id": "RH:CVE-2020-36312", "href": "https://access.redhat.com/security/cve/cve-2020-36312", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T18:27:53", "description": "An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-07T00:15:00", "type": "debiancve", "title": "CVE-2020-36312", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36312"], "modified": "2021-04-07T00:15:00", "id": "DEBIANCVE:CVE-2020-36312", "href": "https://security-tracker.debian.org/tracker/CVE-2020-36312", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:28:26", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue within the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue within the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211, bnc#1184952).\n\nCVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation (bsc#1184170).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1572-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36310", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-28950", "CVE-2021-29155", "CVE-2021-29650", "CVE-2021-3444"], "modified": "2021-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1572-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1572-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149456);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/17\");\n\n script_cve_id(\"CVE-2020-36310\", \"CVE-2020-36312\", \"CVE-2020-36322\", \"CVE-2021-28950\", \"CVE-2021-29155\", \"CVE-2021-29650\", \"CVE-2021-3444\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1572-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue within the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that\nallowed a set_memory_region_test infinite loop for certain nested page\nfaults (bnc#1184512).\n\nCVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a 'stall\non CPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue within the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, causing a system crash. NOTE: the original\nfix for this vulnerability was incomplete, and its incompleteness is\ntracked as CVE-2021-28950 (bnc#1184211, bnc#1184952).\n\nCVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation\n(bsc#1184170).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36322/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28950/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29650/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211572-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab05afda\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1572=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3444\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.56.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:21", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue within the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue within the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211, bnc#1184952).\n\nCVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation (bsc#1184170).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1595-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36310", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-28950", "CVE-2021-29155", "CVE-2021-29650", "CVE-2021-3444"], "modified": "2021-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1595-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1595-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149487);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/18\");\n\n script_cve_id(\"CVE-2020-36310\", \"CVE-2020-36312\", \"CVE-2020-36322\", \"CVE-2021-28950\", \"CVE-2021-29155\", \"CVE-2021-29650\", \"CVE-2021-3444\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1595-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue within the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that\nallowed a set_memory_region_test infinite loop for certain nested page\nfaults (bnc#1184512).\n\nCVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a 'stall\non CPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue within the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, causing a system crash. NOTE: the original\nfix for this vulnerability was incomplete, and its incompleteness is\ntracked as CVE-2021-28950 (bnc#1184211, bnc#1184952).\n\nCVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation\n(bsc#1184170).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36322/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28950/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29650/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc024750\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-1595=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1595=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1595=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1595=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-1595=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3444\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.71.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:27", "description": "The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\n - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).\n\n - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).\n\nThe following non-security bugs were fixed :\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).\n\n - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe() (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe() (git-fixes).\n\n - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).\n\n - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).\n\n - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).\n\n - cifs: do not send close in compound create+close requests (bsc#1181507).\n\n - cifs: New optype for session operations (bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2) (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).\n\n - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).\n\n - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map (git-fixes).\n\n - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).\n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - fix Patch-mainline:\n patches.suse/cifs_debug-use-pd-instead-of-messing-with-d\n _name.patch\n\n - fix patch metadata\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - gianfar: Handle error code at MAC address change (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).\n\n - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).\n\n - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).\n\n - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).\n\n - mac80211: choose first enabled channel for monitor (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).\n\n - net: b44: fix error return code in b44_init_one() (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).\n\n - net: hns3: Remove the left over redundant check & assignment (bsc#1154353).\n\n - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)\n\n - net: wan/lmc: unregister device when no matching device is found (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).\n\n - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation (bsc#1156395).\n\n - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.\n\n - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.\n\n - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).\n\n - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one request in flight (bsc#1181507).\n\n - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).\n\n - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes).\n\n - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes).\n\n - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).\n\n - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).\n\n - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: fix setting irq affinity (bsc#1184583).", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-28950", "CVE-2021-29154", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-579.NASL", "href": "https://www.tenable.com/plugins/nessus/149605", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-579.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149605);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/20\");\n\n script_cve_id(\"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-36310\", \"CVE-2020-36311\", \"CVE-2020-36312\", \"CVE-2020-36322\", \"CVE-2021-28950\", \"CVE-2021-29154\", \"CVE-2021-30002\", \"CVE-2021-3483\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-579)\");\n script_summary(english:\"Check for the openSUSE-2021-579 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Linux Leap 15.2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c\n (bsc#1184393).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments\n in video_usercopy (bsc#1184120).\n\n - CVE-2021-29154: Fixed incorrect computation of branch\n displacements, allowing arbitrary code execution\n (bsc#1184391).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due\n to a retry loop continually was finding the same bad\n inode (bsc#1184194).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc\n failure (bsc#1184509 ).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup)\n by triggering destruction of a large SEV VM\n (bsc#1184511).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested\n page faults (bsc#1184512).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,\n CVE-2020-25673: Fixed multiple bugs in NFC subsytem\n (bsc#1178181).\n\n - CVE-2020-36322: Fixed an issue was discovered in FUSE\n filesystem implementation which could have caused a\n system crash (bsc#1184211).\n\nThe following non-security bugs were fixed :\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire\n E1 (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case\n (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings\n (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the\n media and deep-buffer DAI descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE\n support (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay\n (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner\n (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled\n for some chips (git-fixes).\n\n - ath10k: hold RCU lock when calling\n ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe()\n (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe()\n (git-fixes).\n\n - batman-adv: initialize 'struct\n batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - bpf: Fix verifier jsgt branch analysis on max bound\n (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len\n (bsc#1155518).\n\n - bpf, sockmap: Fix sk->prot unhash op reset\n (bsc#1155518).\n\n - brcmfmac: clear EAP/association status bits on linkdown\n events (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not\n deasserted (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs_debug: use %pd instead of messing with ->d_name\n (bsc#1181507).\n\n - cifs: do not send close in compound create+close\n requests (bsc#1181507).\n\n - cifs: New optype for session operations (bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2)\n (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes\n (bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register\n (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister\n (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit\n (git-fixes).\n\n - dm mpath: switch paths in dm_blk_ioctl() code path\n (bsc#1167574, bsc#1175995, bsc#1184485).\n\n - drivers: video: fbcon: fix NULL dereference in\n fbcon_cursor() (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map\n (git-fixes).\n\n - drm/amdgpu: fix offset calculation in\n amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects\n (bsc#1184074).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup\n to other GPUs (git-fixes).\n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails\n (git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - fix Patch-mainline:\n patches.suse/cifs_debug-use-pd-instead-of-messing-with-d\n _name.patch\n\n - fix patch metadata\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - gianfar: Handle error code at MAC address change\n (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register()\n (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null\n (jsc#SLE-8025).\n\n - ice: remove DCBNL_DEVRESET bit from PF state\n (jsc#SLE-7926).\n\n - iommu/vt-d: Use device numa domain if RHSA is missing\n (bsc#1184585).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Only create rx and tx XDP rings when necessary\n (bsc#1155518).\n\n - locking/mutex: Fix non debug version of\n mutex_lock_io_nested() (git-fixes).\n\n - mac80211: choose first enabled channel for monitor\n (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API\n (git-fixes).\n\n - net: b44: fix error return code in b44_init_one()\n (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in\n cpsw_probe() (git-fixes).\n\n - net: hns3: Remove the left over redundant check &\n assignment (bsc#1154353).\n\n - net: lantiq: Wait for the GPHY firmware to be ready\n (git-fixes).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: pasemi: fix error return code in pasemi_mac_open()\n (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported\n modes (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet\n handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast\n (bsc#1183405)\n\n - net: wan/lmc: unregister device when no matching device\n is found (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1\n Tablet Gen 2 (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to\n change state (git-fixes).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers()\n (git-fixes).\n\n - post.sh: Return an error when module update fails\n (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in\n ppc_function_entry() (bsc#1065729).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - powerpc/pseries/ras: Remove unused variable 'status'\n (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA\n version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr()\n (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation\n (bsc#1156395).\n\n - qlcnic: fix error return code in\n qlcnic_83xx_restart_hw() (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values\n (bsc#1152489).\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range\n (git-fixes).\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION\n added in 5.12.\n\n - rpm/kernel-binary.spec.in: Fix dependency of\n kernel-*-devel package (bsc#1184514) The devel package\n requires the kernel binary package itself for building\n modules externally.\n\n - samples/bpf: Fix possible hang in xdpsock with multiple\n threads (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON()\n (bsc#1184647 ltc#191231).\n\n - smb3: add dynamic trace point to trace when credits\n obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one\n request in flight (bsc#1181507).\n\n - soc/fsl: qbman: fix conflicting alignment attributes\n (git-fixes).\n\n - staging: comedi: cb_pcidas64: fix request_irq() warn\n (git-fixes).\n\n - staging: comedi: cb_pcidas: fix request_irq() warn\n (git-fixes).\n\n - thermal/core: Add NULL pointer check before using\n cooling device stats (git-fixes).\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between\n callback and softint (git-fixes).\n\n - usbip: vhci_hcd fix shift out-of-bounds in\n vhci_hub_control() (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL\n LTE modem (git-fixes).\n\n - x86: Introduce TS_COMPAT_RESTART to fix\n get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: fix setting irq affinity (bsc#1184583).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184647\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.72.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:56", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A 'stall on CPU' can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.(CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)\n\n - An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.(CVE-2021-3506)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.(CVE-2021-31916)\n\n - An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ('bpf: Fix truncation handling for mod32 dst reg wrt zero') and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.(CVE-2021-3444)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.(CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.(CVE-2021-31829)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.(CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.(CVE-2021-33034)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.(CVE-2021-33033)\n\n - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.(CVE-2021-23134)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect(CVE-2020-25672)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.(CVE-2020-25671)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.(CVE-2020-25670)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root.\n In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.(CVE-2021-33200)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-2183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16089", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-23134", "CVE-2021-28950", "CVE-2021-29155", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33200", "CVE-2021-3444", "CVE-2021-3506"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2183.NASL", "href": "https://www.tenable.com/plugins/nessus/151562", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151562);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2019-16089\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2021-23134\",\n \"CVE-2021-28950\",\n \"CVE-2021-29155\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-32399\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33200\",\n \"CVE-2021-3444\",\n \"CVE-2021-3506\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-2183)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in fs/fuse/fuse_i.h in the\n Linux kernel before 5.11.8. A 'stall on CPU' can occur\n because a retry loop continually finds the same bad\n inode, aka CID-775c5033a0d1.(CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel before\n 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc\n failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n fs/f2fs/node.c in the f2fs module in the Linux kernel\n in versions before 5.12.0-rc4. A bounds check failure\n allows a local attacker to gain access to out-of-bounds\n memory leading to a system crash or a leak of internal\n kernel information. The highest threat from this\n vulnerability is to system availability.(CVE-2021-3506)\n\n - An out-of-bounds (OOB) memory write flaw was found in\n list_devices in drivers/md/dm-ioctl.c in the\n Multi-device driver module in the Linux kernel before\n 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access\n to out-of-bounds memory leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to system\n availability.(CVE-2021-31916)\n\n - An issue was discovered in the Linux kernel through\n 5.2.13. nbd_genl_status in drivers/block/nbd.c does not\n check the nla_nest_start_noflag return\n value.(CVE-2019-16089)\n\n - The bpf verifier in the Linux kernel did not properly\n handle mod32 destination register truncation when the\n source register was known to be 0. A local attacker\n with the ability to load bpf programs could use this\n gain out-of-bounds reads in kernel memory leading to\n information disclosure (kernel memory), and possibly\n out-of-bounds writes that could potentially lead to\n code execution. This issue was addressed in the\n upstream kernel in commit 9b00f1b78809 ('bpf: Fix\n truncation handling for mod32 dst reg wrt zero') and in\n Linux stable kernels 5.11.2, 5.10.19, and\n 5.4.101.(CVE-2021-3444)\n\n - An issue was discovered in the Linux kernel through\n 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification\n performed by the first operation is not correctly\n accounted for when restricting subsequent\n operations.(CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through\n 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel\n attacks, aka CID-801c6058d14a. The specific concern is\n not protecting the BPF stack area against speculative\n loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information\n previously operated on by the kernel.(CVE-2021-31829)\n\n - net/bluetooth/hci_request.c in the Linux kernel through\n 5.12.2 has a race condition for removal of the HCI\n controller.(CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4,\n net/bluetooth/hci_event.c has a use-after-free when\n destroying an hci_chan, aka CID-5c4c8c954409. This\n leads to writing an arbitrary value.(CVE-2021-33034)\n\n - The Linux kernel before 5.11.14 has a use-after-free in\n cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the\n CIPSO and CALIPSO refcounting for the DOI definitions\n is mishandled, aka CID-ad5d07f4a9cd. This leads to\n writing an arbitrary value.(CVE-2021-33033)\n\n - Use After Free vulnerability in nfc sockets in the\n Linux Kernel before 5.12.4 allows local attackers to\n elevate their privileges. In typical configurations,\n the issue can only be triggered by a privileged local\n user with the CAP_NET_RAW capability.(CVE-2021-23134)\n\n - A memory leak vulnerability was found in Linux kernel\n in llcp_sock_connect(CVE-2020-25672)\n\n - A vulnerability was found in Linux Kernel, where a\n refcount leak in llcp_sock_connect() causing\n use-after-free which might lead to privilege\n escalations.(CVE-2020-25671)\n\n - A vulnerability was found in Linux Kernel where\n refcount leak in llcp_sock_bind() causing\n use-after-free which might lead to privilege\n escalations.(CVE-2020-25670)\n\n - kernel/bpf/verifier.c in the Linux kernel through\n 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to\n perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root.\n In particular, there is a corner case where the off reg\n causes a masking direction change, which then results\n in an incorrect final aux->alu_limit.(CVE-2021-33200)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2183\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e73babb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\",\n \"perf-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:35", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.(CVE-2021-33200)A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.(CVE-2020-25670)A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.(CVE-2020-25671)A memory leak vulnerability was found in Linux kernel in llcp_sock_connect(CVE-2020-25672)An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/ Node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.(CVE-2021-3506)The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.(CVE-2020-25220)The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.(CVE-2021-33033)kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.\n The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.(CVE-2021-31829)An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8.\n A(CVE-2021-28950)net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.(CVE-2021-32399)In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.(CVE-2021-33034)An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.(CVE-2021-31916)Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.(CVE-2021-23134)An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)An issue was discovered in the Linux kernel before 5.8.10.\n virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ('bpf: Fix truncation handling for mod32 dst reg wrt zero') and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.(CVE-2021-3444)An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.(CVE-2021-29155)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14356", "CVE-2020-25220", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-23134", "CVE-2021-28950", "CVE-2021-29155", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33200", "CVE-2021-3444", "CVE-2021-3506"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2272.NASL", "href": "https://www.tenable.com/plugins/nessus/152313", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152313);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2020-25220\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2021-23134\",\n \"CVE-2021-28950\",\n \"CVE-2021-29155\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-32399\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33200\",\n \"CVE-2021-3444\",\n \"CVE-2021-3506\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2272)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):kernel/bpf/verifier.c in\n the Linux kernel through 5.12.7 enforces incorrect\n limits for pointer arithmetic operations, aka\n CID-bb01a1bba579. This can be abused to perform\n out-of-bounds reads and writes in kernel memory,\n leading to local privilege escalation to root. In\n particular, there is a corner case where the off reg\n causes a masking direction change, which then results\n in an incorrect final aux->alu_limit.(CVE-2021-33200)A\n vulnerability was found in Linux Kernel where refcount\n leak in llcp_sock_bind() causing use-after-free which\n might lead to privilege escalations.(CVE-2020-25670)A\n vulnerability was found in Linux Kernel, where a\n refcount leak in llcp_sock_connect() causing\n use-after-free which might lead to privilege\n escalations.(CVE-2020-25671)A memory leak vulnerability\n was found in Linux kernel in\n llcp_sock_connect(CVE-2020-25672)An out-of-bounds (OOB)\n memory access flaw was found in fs/f2fs/ Node.c in the\n f2fs module in the Linux kernel in versions before\n 5.12.0-rc4. A bounds check failure allows a local\n attacker to gain access to out-of-bounds memory leading\n to a system crash or a leak of internal kernel\n information. The highest threat from this vulnerability\n is to system availability.(CVE-2021-3506)The Linux\n kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194,\n and 4.19.x before 4.19.140 has a use-after-free because\n skcd->no_refcnt was not considered during a backport of\n a CVE-2020-14356 patch. This is related to the cgroups\n feature.(CVE-2020-25220)The Linux kernel before 5.11.14\n has a use-after-free in cipso_v4_genopt in\n net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO\n refcounting for the DOI definitions is mishandled, aka\n CID-ad5d07f4a9cd. This leads to writing an arbitrary\n value.(CVE-2021-33033)kernel/bpf/verifier.c in the\n Linux kernel through 5.12.1 performs undesirable\n speculative loads, leading to disclosure of stack\n content via side-channel attacks, aka CID-801c6058d14a.\n The specific concern is not protecting the BPF stack\n area against speculative loads. Also, the BPF stack can\n contain uninitialized data that might represent\n sensitive information previously operated on by the\n kernel.(CVE-2021-31829)An issue was discovered in\n fs/fuse/fuse_i.h in the Linux kernel before 5.11.8.\n A(CVE-2021-28950)net/bluetooth/hci_request.c in the\n Linux kernel through 5.12.2 has a race condition for\n removal of the HCI controller.(CVE-2021-32399)In the\n Linux kernel before 5.12.4, net/bluetooth/hci_event.c\n has a use-after-free when destroying an hci_chan, aka\n CID-5c4c8c954409. This leads to writing an arbitrary\n value.(CVE-2021-33034)An out-of-bounds (OOB) memory\n write flaw was found in list_devices in\n drivers/md/dm-ioctl.c in the Multi-device driver module\n in the Linux kernel before 5.12. A bound check failure\n allows an attacker with special user (CAP_SYS_ADMIN)\n privilege to gain access to out-of-bounds memory\n leading to a system crash or a leak of internal kernel\n information. The highest threat from this vulnerability\n is to system availability.(CVE-2021-31916)Use After\n Free vulnerability in nfc sockets in the Linux Kernel\n before 5.12.4 allows local attackers to elevate their\n privileges. In typical configurations, the issue can\n only be triggered by a privileged local user with the\n CAP_NET_RAW capability.(CVE-2021-23134)An issue was\n discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)An issue was\n discovered in the Linux kernel before 5.8.10.\n virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev\n memory leak upon a kmalloc failure, aka\n CID-f65886606c2d.(CVE-2020-36312)The bpf verifier in\n the Linux kernel did not properly handle mod32\n destination register truncation when the source\n register was known to be 0. A local attacker with the\n ability to load bpf programs could use this gain\n out-of-bounds reads in kernel memory leading to\n information disclosure (kernel memory), and possibly\n out-of-bounds writes that could potentially lead to\n code execution. This issue was addressed in the\n upstream kernel in commit 9b00f1b78809 ('bpf: Fix\n truncation handling for mod32 dst reg wrt zero') and in\n Linux stable kernels 5.11.2, 5.10.19, and\n 5.4.101.(CVE-2021-3444)An issue was discovered in the\n Linux kernel through 5.11.x. kernel/bpf/verifier.c\n performs undesirable out-of-bounds speculation on\n pointer arithmetic, leading to side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory. Specifically, for\n sequences of pointer arithmetic operations, the pointer\n modification performed by the first operation is not\n correctly accounted for when restricting subsequent\n operations.(CVE-2021-29155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2272\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0abdb7aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h487.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-06T17:18:35", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.(CVE-2021-29265)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.(CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.(CVE-2021-27365)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.(CVE-2021-28688)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.(CVE-2021-23133)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-23133", "CVE-2021-27365", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-06-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1983.NASL", "href": "https://www.tenable.com/plugins/nessus/151042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151042);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/30\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-23133\",\n \"CVE-2021-27365\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1983)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Linux kernel before\n 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause\n a denial of service (GPF) because the stub-up sequence\n has race conditions during an update of the local and\n shared status, aka CID-9380afd6df70.(CVE-2021-29265)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before\n 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc\n failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a\n ptr_limit.(CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel\n version v5.12-rc5. A bounds check failure allows a\n local attacker with a user account on the system to\n gain access to out-of-bounds memory, leading to a\n system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can\n exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI,\n and has a length up to the maximum length of a Netlink\n message.(CVE-2021-27365)\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - The fix for XSA-365 includes initialization of pointers\n such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went\n too far and may under certain conditions also overwrite\n pointers which are in need of cleaning up. The lack of\n cleanup would result in leaking persistent grants. The\n leak in turn would prevent fully cleaning up after a\n respective guest has died, leaving around zombie\n domains. All Linux versions having the fix for XSA-365\n applied are vulnerable. XSA-365 was classified to\n affect versions back to at least 3.11.(CVE-2021-28688)\n\n - A race condition in Linux kernel SCTP sockets\n (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network\n service or an unprivileged process. If\n sctp_destroy_sock is called without\n sock_net(sk)->sctp.addr_wq_lock then an element is\n removed from the auto_asconf_splist list without any\n proper locking. This can be exploited by an attacker\n with network service privileges to escalate to root or\n from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies\n creation of some SCTP socket.(CVE-2021-23133)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1983\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e06d7501\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:59", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - There is a flaw reported in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.(CVE-2020-36310)\n\n - A race condition was found in the Linux kernel in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.(CVE-2021-23133)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.(CVE-2021-29650)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36313", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/151238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151238);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36313\",\n \"CVE-2020-36322\",\n \"CVE-2021-3483\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test\n infinite loop for certain nested page faults, aka\n CID-e72436bc3a52.(CVE-2020-36310)\n\n - A race condition was found in the Linux kernel in\n sctp_destroy_sock. If sctp_destroy_sock is called\n without sock_net(sk)->sctp.addr_wq_lock held and\n sp->do_auto_asconf is true, then an element is removed\n from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the\n context of a network service or from an unprivileged\n process if certain conditions are met.(CVE-2021-23133)\n\n - In intel_pmu_drain_pebs_nhm in\n arch/x86/events/intel/ds.c in the Linux kernel through\n 5.11.8 on some Haswell CPUs, userspace applications\n (such as perf-fuzzer) can cause a system crash because\n the PEBS status in a PEBS record is mishandled, aka\n CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to\n memslots after a deletion, aka CID-0774a964ef56. This\n affects arch/s390/kvm/kvm-s390.c,\n include/linux/kvm_host.h, and\n virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because\n net/netfilter/x_tables.c and\n include/linux/netfilter/x_tables.h lack a full memory\n barrier upon the assignment of a new table value, aka\n CID-175e476b8cdf.(CVE-2021-29650)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before\n 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc\n failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2051\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dbc5945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h451.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:26:51", "description": "The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nCVE-2020-36322: Fixed an issue in the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211 bnc#1184952).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022 bnc#1183069 ).\n\nCVE-2020-1749: Fixed a flaw with some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1617-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-1749", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1617-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1617-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149633);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-1749\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28950\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1617-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nCVE-2020-36322: Fixed an issue in the FUSE filesystem implementation\nwhere fuse_do_getattr() calls make_bad_inode() in inappropriate\nsituations, causing a system crash. NOTE: the original fix for this\nvulnerability was incomplete, and its incompleteness is tracked as\nCVE-2021-28950 (bnc#1184211 bnc#1184952).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022\nbnc#1183069 ).\n\nCVE-2020-1749: Fixed a flaw with some networking protocols in IPsec,\nsuch as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel\nis created between two hosts, the kernel isn't correctly routing\ntunneled data over the encrypted link; rather sending the data\nunencrypted. This would allow anyone in between the two endpoints to\nread the traffic unencrypted. The main threat from this vulnerability\nis to data confidentiality (bnc#1165629).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1749/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211617-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee23a22f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-LTSS-SAP :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1617=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1617=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1617=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.121-92.155.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.121-92.155.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.121-92.155.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.121-92.155.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.121-92.155.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.121-92.155.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.121-92.155.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:26:24", "description": "The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nCVE-2020-1749: Fixed a flaw inside of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-1749", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27673", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1623-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149716", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1623-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149716);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-1749\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27673\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28950\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nCVE-2020-1749: Fixed a flaw inside of some networking protocols in\nIPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted\ntunnel is created between two hosts, the kernel isn't correctly\nrouting tunneled data over the encrypted link; rather sending the data\nunencrypted. This would allow anyone in between the two endpoints to\nread the traffic unencrypted. The main threat from this vulnerability\nis to data confidentiality (bnc#1165629).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1749/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211623-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d4ebd1e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1623=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-1623=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1623=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1623=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1623=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2021-1623=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-1623=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_144-default-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.144.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.144.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:14", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\n - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n\n - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\n - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).\n\nThe following non-security bugs were fixed :\n\n - 0007-block-add-docs-for-gendisk-request_queue-refcount-h e.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0008-block-revert-back-to-synchronous-request_queue-remo v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).\n\n - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).\n\n - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).\n\n - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe() (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe() (git-fixes).\n\n - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - blktrace-annotate-required-lock-on-do_blk_trace_setu.pat ch: (bsc#1171295).\n\n - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat ch: (bsc#1171295).\n\n - blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat ch: (bsc#1171295).\n\n - block-clarify-context-for-refcount-increment-helpers.pat ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).\n\n - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).\n\n - cifs: do not send close in compound create+close requests (bsc#1181507).\n\n - cifs: New optype for session operations (bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2) (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases (git-fixes).\n\n - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count (git-fixes).\n\n - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).\n\n - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map (git-fixes).\n\n - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: &#9;* context changes\n\n - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: &#9;* rename amd/pm to amd/powerplay &#9;* context changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) \n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) \n\n - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) \n\n - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) \n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) \n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).\n\n - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) \n\n - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) \n\n - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) \n\n - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) \n\n - efi: use 32-bit alignment for efi_guid_t literals (git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - epoll: check for events when removing a timed out thread from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).\n\n - gianfar: Handle error code at MAC address change (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).\n\n - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).\n\n - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).\n\n - Input: applespi - do not wait for responses to commands indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags (bsc#1167773).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).\n\n - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).\n\n - loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat ch: (bsc#1171295).\n\n - mac80211: choose first enabled channel for monitor (git-fixes).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift (git-fixes).\n\n - media: mceusb: sanity check for prescaler value (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).\n\n - mt76: dma: do not report truncated frames to mac80211 (git-fixes).\n\n - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).\n\n - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).\n\n - net: b44: fix error return code in b44_init_one() (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).\n\n - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n\n - net: hns3: Remove the left over redundant check & assignment (bsc#1154353).\n\n - net: korina: cast KSEG0 address to pointer in kfree (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array (git-fixes).\n\n - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)\n\n - netsec: restore phy power state after controller reset (bsc#1183757).\n\n - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - net: wan/lmc: unregister device when no matching device is found (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation (bsc#1154353).\n\n - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).\n\n - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).\n\n - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).\n\n - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation (bsc#1156395).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).\n\n - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).\n\n - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.\n\n - rpm/check-for-config-changes: comment on the list To explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.\n\n - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.\n\n - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).\n\n - s390/vtime: fix increased steal time accounting (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).\n\n - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).\n\n - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).\n\n - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one request in flight (bsc#1181507).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).\n\n - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: fix double free on probe failure (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket (git-fixes).\n\n - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).\n\n - USBip: tools: fix build error for multiple definition (git-fixes).\n\n - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64 (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by definition (git-fixes).\n\n - USB: serial: ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).\n\n - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi is pending (git-fixes).\n\n - xen/events: fix setting irq affinity (bsc#1184583).\n\n - xen/events: reset affinity of 2-level event when tearing it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal (git-fixes).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-rt", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:dlm-kmp-rt", "p-cpe:/a:novell:opensuse:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug", "p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel-rt", "p-cpe:/a:novell:opensuse:kernel-rt", "p-cpe:/a:novell:opensuse:kernel-rt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt-debugsource", "p-cpe:/a:novell:opensuse:kernel-rt-devel", "p-cpe:/a:novell:opensuse:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt-extra", "p-cpe:/a:novell:opensuse:kernel-rt-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug", "p-cpe:/a:novell:opensuse:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-rt_debug-devel", "p-cpe:/a:novell:opensuse:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug-extra", "p-cpe:/a:novell:opensuse:kernel-rt_debug-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-rt", "p-cpe:/a:novell:opensuse:kernel-syms-rt", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-758.NASL", "href": "https://www.tenable.com/plugins/nessus/149892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-758.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149892);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers to cause a denial of\n service due to race conditions during an update of the\n local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS status in a PEBS record\n was mishandled (bsc#1184196 ).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593 ).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access was\n found in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in JFS filesystem where\n could have allowed an attacker to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280 ).\n\n - CVE-2019-18814: Fixed a use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n (bsc#1156256).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,\n CVE-2020-25673: Fixed multiple bugs in NFC subsytem\n (bsc#1178181).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup)\n by triggering destruction of a large SEV VM\n (bsc#1184511).\n\n - CVE-2021-29154: Fixed incorrect computation of branch\n displacements, allowing arbitrary code execution\n (bsc#1184391).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments\n in video_usercopy (bsc#1184120).\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c\n (bsc#1184393).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested\n page faults (bsc#1184512).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc\n failure (bsc#1184509 ).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due\n to a retry loop continually was finding the same bad\n inode (bsc#1184194).\n\nThe following non-security bugs were fixed :\n\n -\n 0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire\n E1 (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case\n (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings\n (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the\n media and deep-buffer DAI descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE\n support (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay\n (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner\n (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled\n for some chips (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath10k: hold RCU lock when calling\n ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe()\n (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe()\n (git-fixes).\n\n - batman-adv: initialize 'struct\n batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len\n (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - brcmfmac: clear EAP/association status bits on linkdown\n events (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not\n deasserted (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - cifs_debug: use %pd instead of messing with ->d_name\n (bsc#1181507).\n\n - cifs: do not send close in compound create+close\n requests (bsc#1181507).\n\n - cifs: New optype for session operations (bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2)\n (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes\n (bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register\n (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister\n (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit\n (git-fixes).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drivers: video: fbcon: fix NULL dereference in\n fbcon_cursor() (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map\n (git-fixes).\n\n - drm/amdgpu: fix offset calculation in\n amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: &#9;* context changes\n\n - drm/amd/powerplay: fix spelling mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: &#9;* rename amd/pm to amd/powerplay &#9;*\n context changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects\n (bsc#1184074).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) \n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup\n to other GPUs (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) \n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) \n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) \n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) \n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails\n (git-fixes).\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) \n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) \n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) \n\n - drm/tegra: sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect\n (bsc#1152472) \n\n - efi: use 32-bit alignment for efi_guid_t literals\n (git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - epoll: check for events when removing a timed out thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Handle error code at MAC address change\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register()\n (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null\n (jsc#SLE-8025).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function\n (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: remove DCBNL_DEVRESET bit from PF state\n (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - include/linux/sched/mm.h: use rcu_dereference in\n in_vfork() (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n - locking/mutex: Fix non debug version of\n mutex_lock_io_nested() (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: choose first enabled channel for monitor\n (git-fixes).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - mt76: dma: do not report truncated frames to mac80211\n (git-fixes).\n\n - mwifiex: pcie: skip cancel_work_sync() on reset failure\n path (git-fixes).\n\n - net: arc_emac: Fix memleak in arc_mdio_probe\n (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API\n (git-fixes).\n\n - net: b44: fix error return code in b44_init_one()\n (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in\n cpsw_probe() (git-fixes).\n\n - net: fec: Fix phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: hns3: Remove the left over redundant check &\n assignment (bsc#1154353).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net: lantiq: Wait for the GPHY firmware to be ready\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: pasemi: fix error return code in pasemi_mac_open()\n (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported\n modes (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet\n handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast\n (bsc#1183405)\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - net: wan/lmc: unregister device when no matching device\n is found (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1\n Tablet Gen 2 (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to\n change state (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers()\n (git-fixes).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - post.sh: Return an error when module update fails\n (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in\n ppc_function_entry() (bsc#1065729).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/ras: Remove unused variable 'status'\n (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA\n version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr()\n (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation\n (bsc#1156395).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qlcnic: fix error return code in\n qlcnic_83xx_restart_hw() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values\n (bsc#1152489).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range\n (git-fixes).\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION\n added in 5.12.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rpm/kernel-binary.spec.in: Fix dependency of\n kernel-*-devel package (bsc#1184514) The devel package\n requires the kernel binary package itself for building\n modules externally.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON()\n (bsc#1184647 ltc#191231).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: add dynamic trace point to trace when credits\n obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one\n request in flight (bsc#1181507).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - soc/fsl: qbman: fix conflicting alignment attributes\n (git-fixes).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - thermal/core: Add NULL pointer check before using\n cooling device stats (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between\n callback and softint (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev usbip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USBip: vhci_hcd fix shift out-of-bounds in\n vhci_hub_control() (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL\n LTE modem (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - x86: Introduce TS_COMPAT_RESTART to fix\n get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: fix setting irq affinity (bsc#1184583).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184647\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-debugsource-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-devel-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-devel-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-extra-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-extra-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-debugsource-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-devel-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-extra-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-extra-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cluster-md-kmp-rt / cluster-md-kmp-rt-debuginfo / dlm-kmp-rt / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:40", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1211-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1211-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148698);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did\nnot prevent user applications from sending kernel RPC messages\n(bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire\nfunction (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in\naa_audit_rule_init() (bsc#1156256).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsytem (bsc#1178181).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults\n(bsc#1184512).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure\n(bsc#1184509 ).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop\ncontinually was finding the same bad inode (bsc#1184194).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28375/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211211-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f6d73a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1211=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:57", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).\n\nCVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1238-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1238-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148747);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did\nnot prevent user applications from sending kernel RPC messages\n(bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire\nfunction (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in\naa_audit_rule_init() (bsc#1156256).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop\ncontinually was finding the same bad inode (bsc#1184194).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure\n(bsc#1184509 ).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults\n(bsc#1184512).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsytem (bsc#1178181).\n\nCVE-2020-36322: Fixed an issue was discovered in FUSE filesystem\nimplementation which could have caused a system crash (bsc#1184211).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28375/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211238-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4eff8d90\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE MicroOS 5.0 :\n\nzypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1238=1\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1238=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.61.1.9.26.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.61.1.9.26.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.61.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:16:32", "description": "The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1596-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149491);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211596-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a2d3ed3\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1596=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-1596=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1596=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1596=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1596=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2021-1596=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.74.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-21T14:54:02", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.(CVE-2020-25669)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)** DISPUTED ** fsfsd fs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is not intended to prevent this attack see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)An issue was discovered in the Linux kernel through 5.11.3.\n drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.(CVE-2021-27364)An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.(CVE-2021-27363)ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.(CVE-2018-12929)In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.(CVE-2018-12928)rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm ouveau ouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected(CVE-2021-3483)In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.(CVE-2021-28972)A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)An issue was discovered in the Linux kernel before 5.11.7.\n usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.(CVE-2021-29265)The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.(CVE-2021-28688)An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)An issue was discovered in the Linux kernel before 5.8.10.\n virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)An issue was discovered in the Linux kernel before 5.11.11.\n qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)An issue was discovered in the Linux kernel through 5.11.10.\n driverset/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5.\n A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)An issue was discovered in the Linux kernel before 5.11.8.\n kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.(CVE-2020-27170)BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86 et/bpf_jit_comp.c and arch/x86 et/bpf_jit_comp32.c.(CVE-2021-29154)A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.(CVE-2021-23133)An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf.\n fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE:\n the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.(CVE-2021-31916)An issue was discovered in the Linux kernel through 5.11.x.\n kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.(CVE-2021-29155)kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.\n The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.(CVE-2021-31829)The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.(CVE-2021-33033)kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.(CVE-2021-33200)An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.(CVE-2021-27365)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-2075)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12928", "CVE-2018-12929", "CVE-2020-25669", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-28941", "CVE-2020-29368", "CVE-2020-35519", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3178", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2075.NASL", "href": "https://www.tenable.com/plugins/nessus/151307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151307);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2018-12928\",\n \"CVE-2018-12929\",\n \"CVE-2020-25669\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-28941\",\n \"CVE-2020-29368\",\n \"CVE-2020-35519\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3178\",\n \"CVE-2021-3483\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-2075)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):A vulnerability was found\n in the Linux Kernel where the function sunkbd_reinit\n having been scheduled by sunkbd_interrupt before sunkbd\n being freed. Though the dangling pointer is set to NULL\n in sunkbd_disconnect, there is still an alias in\n sunkbd_reinit causing Use After Free.(CVE-2020-25669)An\n issue was discovered in the Linux kernel through 5.9.1,\n as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)An issue\n was discovered in the Linux kernel through 5.9.1, as\n used with Xen through 4.14.x. Guest OS users can cause\n a denial of service (host OS hang) via a high rate of\n events to dom0, aka CID-e99502f76271.(CVE-2020-27673)An\n issue was discovered in __split_huge_pmd in\n mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write\n access because of a race condition in a THP mapcount\n check, aka CID-c444eb564fb1.(CVE-2020-29368)An issue\n was discovered in\n drivers/accessibility/speakup/spk_ttyio.c in the Linux\n kernel through 5.9.9. Local attackers on systems with\n the speakup driver could cause a local denial of\n service attack, aka CID-d41227544427. This occurs\n because of an invalid free when the line discipline is\n used more than once.(CVE-2020-28941)** DISPUTED **\n fsfsd fs3xdr.c in the Linux kernel through 5.10.8, when\n there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)An issue was discovered in the\n Linux kernel through 5.11.3.\n drivers/scsi/scsi_transport_iscsi.c is adversely\n affected by the ability of an unprivileged user to\n craft Netlink messages.(CVE-2021-27364)An issue was\n discovered in the Linux kernel through 5.11.3. A kernel\n pointer leak can be used to determine the address of\n the iscsi_transport structure. When an iSCSI transport\n is registered with the iSCSI subsystem, the transport's\n handle is available to unprivileged users via the sysfs\n file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When\n read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which\n leaks the handle. This handle is actually the pointer\n to an iscsi_transport struct in the kernel module's\n global variables.(CVE-2021-27363)ntfs_read_locked_inode\n in the ntfs.ko filesystem driver in the Linux kernel\n 4.15.0 allows attackers to trigger a use-after-free\n read and possibly cause a denial of service (kernel\n oops or panic) via a crafted ntfs\n filesystem.(CVE-2018-12929)In the Linux kernel 4.15.0,\n a NULL pointer dereference was discovered in\n hfs_ext_read_extent in hfs.ko. This can occur during a\n mount of a crafted hfs\n filesystem.(CVE-2018-12928)rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)There is a flaw reported in the\n Linux kernel in versions before 5.9 in drivers/gpu/drm\n ouveau ouveau_sgdma.c in nouveau_sgdma_create_ttm in\n Nouveau DRM subsystem. The issue results from the lack\n of validating the existence of an object prior to\n performing operations on the object. An attacker with a\n local account with a root privilege, can leverage this\n vulnerability to escalate privileges and execute code\n in the context of the kernel.(CVE-2021-20292)A flaw was\n found in the Nosy driver in the Linux kernel. This\n issue allows a device to be inserted twice into a\n doubly-linked list, leading to a use-after-free when\n one of these devices is removed. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected(CVE-2021-3483)In\n drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)A race condition\n was discovered in get_old_root in fs/btrfs/ctree.c in\n the Linux kernel through 5.11.8. It allows attackers to\n cause a denial of service (BUG) because of a lack of\n locking on an extent buffer before a cloning operation,\n aka CID-dbcc7d57bffc.(CVE-2021-28964)An issue was\n discovered in the Linux kernel before 5.11.7.\n usbip_sockfd_store in drivers/usb/usbip/stub_dev.c\n allows attackers to cause a denial of service (GPF)\n because the stub-up sequence has race conditions during\n an update of the local and shared status, aka\n CID-9380afd6df70.(CVE-2021-29265)The fix for XSA-365\n includes initialization of pointers such that\n subsequent cleanup code wouldn't use uninitialized or\n stale values. This initialization went too far and may\n under certain conditions also overwrite pointers which\n are in need of cleaning up. The lack of cleanup would\n result in leaking persistent grants. The leak in turn\n would prevent fully cleaning up after a respective\n guest has died, leaving around zombie domains. All\n Linux versions having the fix for XSA-365 applied are\n vulnerable. XSA-365 was classified to affect versions\n back to at least 3.11.(CVE-2021-28688)An issue was\n discovered in the Linux kernel before 5.11.3 when a\n webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)An issue was\n discovered in the Linux kernel before 5.8.10.\n virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev\n memory leak upon a kmalloc failure, aka\n CID-f65886606c2d.(CVE-2020-36312)An issue was\n discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)An issue was\n discovered in the Linux kernel before 5.11.11.\n qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to\n obtain sensitive information from kernel memory because\n of a partially uninitialized data structure, aka\n CID-50535249f624.(CVE-2021-29647)An issue was\n discovered in the Linux kernel through 5.11.10.\n driverset/ethernet/freescale/gianfar.c in the Freescale\n Gianfar Ethernet driver allows attackers to cause a\n system crash because a negative fragment size is\n calculated in situations involving an rx queue overrun\n when jumbo packets are used and NAPI is enabled, aka\n CID-d8861bab48b6.(CVE-2021-29264)An out-of-bounds (OOB)\n memory access flaw was found in x25_bind in\n net/x25/af_x25.c in the Linux kernel version v5.12-rc5.\n A bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)An issue was discovered in\n the Linux kernel before 5.11.8. kernel/bpf/verifier.c\n has an off-by-one error (with a resultant integer\n underflow) affecting out-of-bounds speculation on\n pointer arithmetic, leading to side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory, aka\n CID-10d2bb2e6b1d.(CVE-2020-27171)An issue was\n discovered in the Linux kernel before 5.11.8.\n kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a\n ptr_limit.(CVE-2020-27170)BPF JIT compilers in the\n Linux kernel through 5.11.12 have incorrect computation\n of branch displacements, allowing them to execute\n arbitrary code within the kernel context. This affects\n arch/x86 et/bpf_jit_comp.c and arch/x86\n et/bpf_jit_comp32.c.(CVE-2021-29154)A race condition in\n Linux kernel SCTP sockets (net/sctp/socket.c) before\n 5.12-rc8 can lead to kernel privilege escalation from\n the context of a network service or an unprivileged\n process. If sctp_destroy_sock is called without\n sock_net(sk)->sctp.addr_wq_lock then an element is\n removed from the auto_asconf_splist list without any\n proper locking. This can be exploited by an attacker\n with network service privileges to escalate to root or\n from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies\n creation of some SCTP socket.(CVE-2021-23133)An issue\n was discovered in the FUSE filesystem implementation in\n the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf.\n fuse_do_getattr() calls make_bad_inode() in\n inappropriate situations, causing a system crash. NOTE:\n the original fix for this vulnerability was incomplete,\n and its incompleteness is tracked as\n CVE-2021-28950.(CVE-2020-36322)An out-of-bounds (OOB)\n memory write flaw was found in list_devices in\n drivers/md/dm-ioctl.c in the Multi-device driver module\n in the Linux kernel before 5.12. A bound check failure\n allows an attacker with special user (CAP_SYS_ADMIN)\n privilege to gain access to out-of-bounds memory\n leading to a system crash or a leak of internal kernel\n information. The highest threat from this vulnerability\n is to system availability.(CVE-2021-31916)An issue was\n discovered in the Linux kernel through 5.11.x.\n kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification\n performed by the first operation is not correctly\n accounted for when restricting subsequent\n operations.(CVE-2021-29155)kernel/bpf/verifier.c in the\n Linux kernel through 5.12.1 performs undesirable\n speculative loads, leading to disclosure of stack\n content via side-channel attacks, aka CID-801c6058d14a.\n The specific concern is not protecting the BPF stack\n area against speculative loads. Also, the BPF stack can\n contain uninitialized data that might represent\n sensitive information previously operated on by the\n kernel.(CVE-2021-31829)The Linux kernel before 5.11.14\n has a use-after-free in cipso_v4_genopt in\n net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO\n refcounting for the DOI definitions is mishandled, aka\n CID-ad5d07f4a9cd. This leads to writing an arbitrary\n value.(CVE-2021-33033)kernel/bpf/verifier.c in the\n Linux kernel through 5.12.7 enforces incorrect limits\n for pointer arithmetic operations, aka\n CID-bb01a1bba579. This can be abused to perform\n out-of-bounds reads and writes in kernel memory,\n leading to local privilege escalation to root. In\n particular, there is a corner case where the off reg\n causes a masking direction change, which then results\n in an incorrect final aux->alu_limit.(CVE-2021-33200)An\n issue was discovered in the Linux kernel through\n 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can\n exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI,\n and has a length up to the maximum length of a Netlink\n message.(CVE-2021-27365)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2075\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e9097c8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h1043\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1043\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1043\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1043\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1043\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h1043\",\n \"perf-4.19.36-vhulk1907.1.0.h1043\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1043\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:26:26", "description": "The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1624-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149717);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211624-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38d85273\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1624=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1624=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1624=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1624=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1624=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1624=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1624=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1624=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1624=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1624=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-1624=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.89.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:12", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1573-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1573-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1573-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149462);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1573-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211573-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78e5e7d1\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1573=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-1573=1\n\nSUSE Linux Enterprise Module for Live Patching 15 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1573=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1573=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1573=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2021-1573=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-base-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-syms-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-14T14:47:04", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4356 advisory.\n\n - Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.\n (CVE-2019-14615)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. (CVE-2020-24502)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of- bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after- free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2023-11-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/157497", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4356.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157497);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/13\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4356\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4356 advisory.\n\n - Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor\n Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.\n (CVE-2019-14615)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4\n and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial\n of service via local access. (CVE-2020-24502)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4\n may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version\n 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and\n WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to\n inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and\n WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can\n abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042\n (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations\n reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate\n selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the\n WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by\n design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write access because of a race condition in a THP\n mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-\n bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2021-0129)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-\n free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a\n certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size\n was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel\n and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny\n reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier\n support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with\n root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was\n found in the way user uses trace ring buffer in a specific way. Only privileged local users (with\n CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an\n attacker with a local account to leak information about kernel internal addresses. The highest threat from\n this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does\n not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the\n context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root. In particular, there is a corner case where the off\n reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4356.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-27777', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2021:4356');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:27:36", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel-rt (CESA-2021:4140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:kernel-rt", "p-cpe:/a:centos:centos:kernel-rt-core", "p-cpe:/a:centos:centos:kernel-rt-debug", "p-cpe:/a:centos:centos:kernel-rt-debug-core", "p-cpe:/a:centos:centos:kernel-rt-debug-devel", "p-cpe:/a:centos:centos:kernel-rt-debug-modules", "p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-rt-devel", "p-cpe:/a:centos:centos:kernel-rt-modules", "p-cpe:/a:centos:centos:kernel-rt-modules-extra"], "id": "CENTOS8_RHSA-2021-4140.NASL", "href": "https://www.tenable.com/plugins/nessus/155070", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4140. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155070);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4140\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"CentOS 8 : kernel-rt (CESA-2021:4140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:4140');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:28:16", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-stablelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/155145", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4356. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155145);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4356\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4356\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-27777', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2021:4356');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:28:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:4140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-4140.NASL", "href": "https://www.tenable.com/plugins/nessus/155172", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4140. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155172);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4140\");\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:4140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4140 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1912683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1913348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1923636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1957788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1969489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1975949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1976946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1989165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1995249\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 120, 125, 200, 212, 252, 287, 290, 307, 345, 346, 362, 400, 415, 416, 476, 662, 667, 682, 772, 787, 822, 829, 835, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:4140');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.rt7.130.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.rt7.130.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:28:05", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: Improper input validation in the Intel(R) Ethernet ixgbe driver may allow an authenticated user to potentially enable DoS via local access (CVE-2021-33098)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14615", "CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-33098", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-4356.NASL", "href": "https://www.tenable.com/plugins/nessus/155219", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4356. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155219);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\n \"CVE-2019-14615\",\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36312\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4356\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4356 advisory.\n\n - kernel: Intel graphics card information leak. (CVE-2019-14615)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n\n - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n\n - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n\n - kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n\n - kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n\n - kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n\n - kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n\n - kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n\n - kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n\n - kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n\n - kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n\n - kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n\n - kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n\n - kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n\n - kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)\n\n - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in\n a THP mapcount check (CVE-2020-29368)\n\n - kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-\n after-free (CVE-2020-29660)\n\n - kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in\n drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)\n\n - kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c\n (CVE-2020-36312)\n\n - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c\n (CVE-2020-36386)\n\n - kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n\n - kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n\n - kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n\n - kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n\n - kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode\n (CVE-2021-28950)\n\n - kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)\n\n - kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds\n loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n\n - kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)\n\n - kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c\n and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)\n\n - kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n\n - kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content\n of kernel memory (CVE-2021-31829)\n\n - kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: Improper input validation in the Intel(R) Ethernet ixgbe driver may allow an authenticated user to\n potentially enable DoS via local access (CVE-2021-33098)\n\n - kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations\n by BPF verifier (CVE-2021-33200)\n\n - kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)\n\n - kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n\n - kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n\n - kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files\n (CVE-2021-3732)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1912683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1913348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1923636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1957788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1960504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1964139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1969489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1975949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1976946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1989165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1995249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2068236\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 120, 125, 200, 212, 252, 287, 290, 307, 345, 346, 362, 400, 415, 416, 476, 662, 667, 682, 772, 787, 822, 829, 835, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14615', 'CVE-2020-0427', 'CVE-2020-24502', 'CVE-2020-24503', 'CVE-2020-24504', 'CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-24588', 'CVE-2020-26139', 'CVE-2020-26140', 'CVE-2020-26141', 'CVE-2020-26143', 'CVE-2020-26144', 'CVE-2020-26145', 'CVE-2020-26146', 'CVE-2020-26147', 'CVE-2020-27777', 'CVE-2020-29368', 'CVE-2020-29660', 'CVE-2020-36158', 'CVE-2020-36312', 'CVE-2020-36386', 'CVE-2021-0129', 'CVE-2021-3348', 'CVE-2021-3489', 'CVE-2021-3564', 'CVE-2021-3573', 'CVE-2021-3600', 'CVE-2021-3635', 'CVE-2021-3659', 'CVE-2021-3679', 'CVE-2021-3732', 'CVE-2021-20194', 'CVE-2021-20239', 'CVE-2021-23133', 'CVE-2021-28950', 'CVE-2021-28971', 'CVE-2021-29155', 'CVE-2021-29646', 'CVE-2021-29650', 'CVE-2021-31440', 'CVE-2021-31829', 'CVE-2021-31916', 'CVE-2021-33033', 'CVE-2021-33098', 'CVE-2021-33200');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:4356');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-348.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-348.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-348.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-348.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-348.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-348.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:50:11", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1975-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. (CVE-2019-18814)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). (CVE-2019-19769)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out- of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27815)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.\n (CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. (CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20268)\n\n - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. (CVE-2021-23134)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (bpf: Fix alu32 const subreg bound tracking on bitwise operations) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (bpf: Verifier, do explicit ALU32 bounds tracking) (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (bpf:Fix a verifier failure with xor) ( 5.10-rc1). (CVE-2021-3490)\n\n - The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc//mem.\n This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers) (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (io_uring: add IORING_OP_PROVIDE_BUFFERS) (v5.7-rc1). (CVE-2021-3491)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2019-2308", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-26139", "CVE-2020-26141", "CVE-2020-26145", "CVE-2020-26147", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20268", "CVE-2021-23134", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-33200", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483", "CVE-2021-3489", "CVE-2021-3490", "CVE-2021-3491"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-azure", "p-cpe:/a:novell:opensuse:dlm-kmp-azure", "p-cpe:/a:novell:opensuse:gfs2-kmp-azure", "p-cpe:/a:novell:opensuse:kernel-azure", "p-cpe:/a:novell:opensuse:kernel-azure-devel", "p-cpe:/a:novell:opensuse:kernel-azure-extra", "p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-azure-optional", "p-cpe:/a:novell:opensuse:kernel-devel-azure", "p-cpe:/a:novell:opensuse:kernel-source-azure", "p-cpe:/a:novell:opensuse:kernel-syms-azure", "p-cpe:/a:novell:opensuse:kselftests-kmp-azure", "p-cpe:/a:novell:opensuse:ocfs2-kmp-azure", "p-cpe:/a:novell:opensuse:reiserfs-kmp-azure", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1975.NASL", "href": "https://www.tenable.com/plugins/nessus/151730", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1975-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151730);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-26139\",\n \"CVE-2020-26141\",\n \"CVE-2020-26145\",\n \"CVE-2020-26147\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-3489\",\n \"CVE-2021-3490\",\n \"CVE-2021-3491\",\n \"CVE-2021-20268\",\n \"CVE-2021-23134\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\",\n \"CVE-2021-32399\",\n \"CVE-2021-33034\",\n \"CVE-2021-33200\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1975-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse()\n fails in aa_audit_rule_init() in security/apparmor/audit.c. (CVE-2019-18814)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function\n (related to include/trace/events/lock.h). (CVE-2019-19769)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the\n ability to set extended attributes to panic the system, causing memory corruption or escalating\n privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-27815)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel\n version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to\n gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a\n set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.\n (CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering\n many encrypted regions), aka CID-7be74942f184. (CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in\n the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local\n user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system availability. (CVE-2021-20268)\n\n - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to\n elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local\n user with the CAP_NET_RAW capability. (CVE-2021-23134)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in\n drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka\n CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up\n sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root. In particular, there is a corner case where the off\n reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size\n was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel\n and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny\n reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier\n support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly\n update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and\n therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (bpf: Fix alu32 const\n subreg bound tracking on bitwise operations) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (bpf: Verifier, do\n explicit ALU32 bounds tracking) (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (bpf:Fix a\n verifier failure with xor) ( 5.10-rc1). (CVE-2021-3490)\n\n - The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the\n PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc//mem.\n This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was\n addressed via commit d1f82808877b (io_uring: truncate lengths larger than MAX_RW_COUNT on provide\n buffers) (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was\n introduced in ddf0322db79c (io_uring: add IORING_OP_PROVIDE_BUFFERS) (v5.7-rc1). (CVE-2021-3491)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1043990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186681\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/42KHRU57J2OGM24I4AOZ7JW6VV2BOPCV/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f54b2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-24586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-24587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-24588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3491\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'cluster-md-kmp-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-devel-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-extra-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-optional-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-azure-5.3.18-38.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-azure-5.3.18-38.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-azure-5.3.18-38.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:51:40", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1977-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. (CVE-2019-18814)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). (CVE-2019-19769)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data- confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out- of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27815)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.\n (CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. (CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20268)\n\n - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. (CVE-2021-23134)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (bpf: Fix alu32 const subreg bound tracking on bitwise operations) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (bpf: Verifier, do explicit ALU32 bounds tracking) (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (bpf:Fix a verifier failure with xor) ( 5.10-rc1). (CVE-2021-3490)\n\n - The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc//mem.\n This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers) (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (io_uring: add IORING_OP_PROVIDE_BUFFERS) (v5.7-rc1). (CVE-2021-3491)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2019-2308", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-26139", "CVE-2020-26141", "CVE-2020-26145", "CVE-2020-26147", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20268", "CVE-2021-23134", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-33200", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483", "CVE-2021-3489", "CVE-2021-3490", "CVE-2021-3491"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb", "p-cpe:/a:novell:opensuse:cluster-md-kmp-default", "p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt", "p-cpe:/a:novell:opensuse:dlm-kmp-64kb", "p-cpe:/a:novell:opensuse:dlm-kmp-default", "p-cpe:/a:novell:opensuse:dlm-kmp-preempt", "p-cpe:/a:novell:opensuse:gfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:gfs2-kmp-default", "p-cpe:/a:novell:opensuse:gfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:kernel-64kb", "p-cpe:/a:novell:opensuse:kernel-64kb-devel", "p-cpe:/a:novell:opensuse:kernel-64kb-extra", "p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-64kb-optional", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-extra", "p-cpe:/a:novell:opensuse:kernel-default-livepatch", "p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-default-optional", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-extra", "p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-optional", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-zfcpdump", "p-cpe:/a:novell:opensuse:kselftests-kmp-64kb", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:kselftests-kmp-preempt", "p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:ocfs2-kmp-default", "p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb", "p-cpe:/a:novell:opensuse:reiserfs-kmp-default", "p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1977.NASL", "href": "https://www.tenable.com/plugins/nessus/151756", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1977-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151756);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-26139\",\n \"CVE-2020-26141\",\n \"CVE-2020-26145\",\n \"CVE-2020-26147\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-3489\",\n \"CVE-2021-3490\",\n \"CVE-2021-3491\",\n \"CVE-2021-20268\",\n \"CVE-2021-23134\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\",\n \"CVE-2021-32399\",\n \"CVE-2021-33034\",\n \"CVE-2021-33200\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1977-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse()\n fails in aa_audit_rule_init() in security/apparmor/audit.c. (CVE-2019-18814)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function\n (related to include/trace/events/lock.h). (CVE-2019-19769)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary\n can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an\n adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation\n does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can\n abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-\n confidentiality protocol. (CVE-2020-26141)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process\n them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble\n fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject\n packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,\n CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\n (CVE-2020-27673)\n\n - A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the\n ability to set extended attributes to panic the system, causing memory corruption or escalating\n privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-27815)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel\n version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to\n gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a\n set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.\n (CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering\n many encrypted regions), aka CID-7be74942f184. (CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. (CVE-2020-36312)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in\n the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local\n user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system availability. (CVE-2021-20268)\n\n - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to\n elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local\n user with the CAP_NET_RAW capability. (CVE-2021-23134)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in\n drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka\n CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up\n sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic\n operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel\n memory, leading to local privilege escalation to root. In particular, there is a corner case where the off\n reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size\n was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel\n and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny\n reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier\n support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly\n update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and\n therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (bpf: Fix alu32 const\n subreg bound tracking on bitwise operations) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (bpf: Verifier, do\n explicit ALU32 bounds tracking) (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (bpf:Fix a\n verifier failure with xor) ( 5.10-rc1). (CVE-2021-3490)\n\n - The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the\n PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc//mem.\n This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was\n addressed via commit d1f82808877b (io_uring: truncate lengths larger than MAX_RW_COUNT on provide\n buffers) (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was\n introduced in ddf0322db79c (io_uring: add IORING_OP_PROVIDE_BUFFERS) (v5.7-rc1). (CVE-2021-3491)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183509\");\n script_set_attribute(attribute:\"s