DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-36558", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-36558", "description": "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.", "published": "2022-07-21T04:15:00", "modified": "2022-07-27T19:23:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.4, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36558", "reporter": "cve@mitre.org", "references": ["https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb"], "cvelist": ["CVE-2020-36558"], "immutableFields": [], "lastseen": "2023-02-09T15:22:39", "viewCount": 54, "enchantments": {"twitter": {"counter": 12, "tweets": [{"link": "https://twitter.com/ServiceToutatis/status/1549988210100559875", "text": "New vulnerability on the NVD: CVE-2020-36558 https://t.co/qveXAmMTjZ /hashtag/exploit?src=hashtag_click /hashtag/toutatis?src=hashtag_click /hashtag/darknet?src=hashtag_click /hashtag/news?src=hashtag_click", "author": "ServiceToutatis", "author_photo": "https://pbs.twimg.com/profile_images/1029512326150586370/Z4fu43g3_400x400.jpg"}, {"link": "https://twitter.com/Velletron/status/1549988481539211270", "text": "CVE-2020-36558 https://t.co/lGxpG1ID9j /hashtag/CVE?src=hashtag_click /hashtag/Vulnerability?src=hashtag_click", "author": "Velletron", "author_photo": "https://pbs.twimg.com/profile_images/933369739904192513/6M049RIA_400x400.jpg"}, {"link": "https://twitter.com/workentin/status/1549992756616896512", "text": "New vulnerability on the NVD: CVE-2020-36558 https://t.co/YJ9zRSlX9f", "author": "workentin", "author_photo": "https://pbs.twimg.com/profile_images/856910196345524225/1gfcFmS2_400x400.jpg"}, {"link": "https://twitter.com/wvdsteen/status/1549986725539233792", "text": "New vulnerability on the NVD: CVE-2020-36558 https://t.co/ddDeFpxN94 July 21, 2022 at 04:15PM", "author": "wvdsteen", "author_photo": "https://pbs.twimg.com/profile_images/1437338550580563971/1LgUJ24O_400x400.jpg"}, {"link": "https://twitter.com/CVEnew/status/1549993977398575104", "text": "CVE-2020-36558 A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. https://t.co/DE4ixF0ETf", "author": "CVEnew", "author_photo": "https://pbs.twimg.com/profile_images/1447927972393111557/PQRMlVvZ_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1550053799187959808", "text": " NEW: CVE-2020-36558 A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. https://t.co/SWUoiwVTfJ", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1552379115201826818", "text": " NEW: CVE-2020-36558 A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. Severity: MEDIUM https://t.co/SWUoiwVTfJ", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "score": {"value": 3.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7683"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-36558"]}, {"type": "ibm", "idList": ["7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "EULEROS_SA-2022-2292.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2712.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "SUSE_SU-2022-2719-1.NASL", "SUSE_SU-2022-2720-1.NASL", "SUSE_SU-2022-2721-1.NASL", "SUSE_SU-2022-2723-1.NASL", "SUSE_SU-2022-2741-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-2827-1.NASL", "SUSE_SU-2022-2840-1.NASL", "SUSE_SU-2022-2875-1.NASL", "SUSE_SU-2022-2892-1.NASL", "SUSE_SU-2022-2910-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-4027-1.NASL", "SUSE_SU-2022-4129-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-7683", "ELSA-2022-9761"]}, {"type": "redhat", "idList": ["RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:9040"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-36558"]}, {"type": "rocky", "idList": ["RLSA-2022:7444", "RLSA-2022:7683"]}, {"type": "suse", "idList": ["SUSE-SU-2022:2741-1", "SUSE-SU-2022:2827-1", "SUSE-SU-2022:2875-1", "SUSE-SU-2022:2875-2", "SUSE-SU-2022:2892-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-36558"]}, {"type": "veracode", "idList": ["VERACODE:39037"]}]}, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}]}, "epss": [{"cve": "CVE-2020-36558", "epss": "0.000440000", "percentile": "0.105040000", "modified": "2023-03-19"}], "vulnersScore": 3.3}, "_state": {"twitter": 0, "score": 1675961020, "dependencies": 1675960477, "affected_software_major_version": 1677366091, "epss": 1679301044}, "_internal": {"score_hash": "c0bd3b64a377d9b1653b1ff082f9b93e"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-476", "CWE-362"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.5.7", "operator": "lt", "name": "linux linux kernel"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.5.7:*:*:*:*:*:*:*", "versionEndExcluding": "5.5.7", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", "refsource": "MISC", "tags": ["Patch", "Release Notes", "Vendor Advisory"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb", "refsource": "MISC", "tags": ["Exploit", "Mailing List", "Patch", "Vendor Advisory"]}], "product_info": [{"vendor": "Linux", "product": "Linux_kernel"}]}

{"debiancve": [{"lastseen": "2023-03-30T16:44:47", "description": "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-21T04:15:00", "type": "debiancve", "title": "CVE-2020-36558", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-36558"], "modified": "2022-07-21T04:15:00", "id": "DEBIANCVE:CVE-2020-36558", "href": "https://security-tracker.debian.org/tracker/CVE-2020-36558", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-03-08T23:24:55", "description": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s Virtual Terminal subsystem was found in how a user calls the VT_RESIZEX ioctl. This flaw allows a local user to crash the system.\n", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-31T17:44:38", "type": "redhatcve", "title": "CVE-2020-36558", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-36558"], "modified": "2023-03-08T21:16:46", "id": "RH:CVE-2020-36558", "href": "https://access.redhat.com/security/cve/cve-2020-36558", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-03-01T13:20:43", "description": "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX\ncould lead to a NULL pointer dereference and general protection fault.", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2020-36558", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-36558"], "modified": "2022-07-21T00:00:00", "id": "UB:CVE-2020-36558", "href": "https://ubuntu.com/security/CVE-2020-36558", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-02-03T12:37:56", "description": "kernel is vulnerable to Denial of Service (DoS) attacks. A race condition may lead to a NULL pointer dereference and general protection fault via `VT_RESIZEX ioctl`, resulting in an application crash.\n", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-28T00:46:29", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-36558"], "modified": "2023-01-31T07:51:30", "id": "VERACODE:39037", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39037/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-26T04:20:48", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-2712)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558"], "modified": "2022-11-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2712.NASL", "href": "https://www.tenable.com/plugins/nessus/166973", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166973);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/29\");\n\n script_cve_id(\"CVE-2020-36557\", \"CVE-2020-36558\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-2712)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2712\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?804458f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36558\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-3.10.0-862.14.1.5.h708.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h708.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h708.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h708.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h708.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h708.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h708.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T03:04:52", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4027-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 31 for SLE 15) (SUSE-SU-2022:4027-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_95-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4027-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167773", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4027-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167773);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2022-2588\",\n \"CVE-2022-42703\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4027-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 31 for SLE 15) (SUSE-SU-2022:4027-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4027-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012949.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e696396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150000_150_95-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_95-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150000.150.95-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_95-default-4-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150000_150_95-default');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-23T00:10:15", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4129-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15) (SUSE-SU-2022:4129-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_89-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_92-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_78-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_86-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4129-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167922", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4129-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167922);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2022-2588\",\n \"CVE-2022-42703\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4129-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15) (SUSE-SU-2022:4129-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4129-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204381\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/013003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a166e06\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_89-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_92-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_78-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150.78-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150_78-default-15-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150.83-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150_83-default-11-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150.86-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150_86-default-10-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150000.150.89-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_89-default-9-150000.2.2', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150000.150.92-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_92-default-6-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150000_150_89-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-10T19:21:09", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2720-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2720-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2720-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163979", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2720-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163979);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-20166\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2720-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2720-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2720-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1103269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011829.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de29c777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20166\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.106.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.106.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.106.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.106.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.106.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.106.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-10T19:20:50", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2719-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:2719-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_130-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2719-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163991", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2719-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163991);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-20166\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2719-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:2719-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2719-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1103269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011833.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f9e34232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20166\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_130-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.130.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.130.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.130.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.130.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_130-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-10T19:22:42", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2827-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2827-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_120-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2827-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164252", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2827-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164252);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-20166\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2827-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2827-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2827-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011923.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae4ce99b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20166\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-devel-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-macros-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-source-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-devel-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-macros-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-source-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.120.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-man-4.12.14-150100.197.120.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.120.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.120.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.120.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.120.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.120.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.120.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.120.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-man-4.12.14-150100.197.120.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.120.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.120.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.120.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.120.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.120.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.120.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'dlm-kmp-default-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'gfs2-kmp-default-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'ocfs2-kmp-default-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'kernel-default-livepatch-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-livepatch-devel-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-livepatch-4_12_14-150100_197_120-default-1-150100.3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-man-4.12.14-150100.197.120.1', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.120.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-10T19:21:59", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2723-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2723-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-26341", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2723-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163996", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2723-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163996);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-26341\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-20166\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2723-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2723-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2723-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011830.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71801a09\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20166\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'cluster-md-kmp-default-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'dlm-kmp-default-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'gfs2-kmp-default-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'ocfs2-kmp-default-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'kernel-default-livepatch-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-livepatch-4_12_14-150000_150_98-default-1-150000.1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-man-4.12.14-150000.150.98.1', 'sp':'0', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.98.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T12:44:43", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-07T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0024)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/164817", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0024.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164817);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2019-9213\",\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1011\",\n \"CVE-2022-2588\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum\n address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP\n platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-9213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36516.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36557.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36558.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2021-33655.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2021-33656.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-1011.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-21546.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0024.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.66.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0024');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T06:51:14", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9761 advisory.\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9761)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2022-9761.NASL", "href": "https://www.tenable.com/plugins/nessus/164790", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9761.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164790);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2019-9213\",\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1011\",\n \"CVE-2022-2588\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9761)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9761 advisory.\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum\n address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP\n platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9761.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.66.3.el6uek', '4.1.12-124.66.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9761');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.66.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.66.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.66.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.66.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.66.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.66.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.66.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.66.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.66.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-16T06:32:50", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2910-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2910-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source-rt:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2910-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164466", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2910-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164466);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1462\",\n \"CVE-2022-2639\",\n \"CVE-2022-20166\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2910-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2910-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2910-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1103269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202312\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011997.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad8b73e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.97.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.97.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.97.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:22:15", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2840-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2840-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15393", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2021-39713", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2840-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164307", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2840-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164307);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-15393\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2021-39713\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-20166\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2840-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2840-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2840-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,\n aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel\n (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011942.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0e3aec5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39713\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.171.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.171.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.171.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.171.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T19:21:11", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2721-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2721-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15393", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2021-39713", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2721-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163994", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2721-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163994);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-15393\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2021-39713\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-20166\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2721-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2721-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2721-1 advisory.\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,\n aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel\n (CVE-2021-39713)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011828.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70eee337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39713\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.181.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.181.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.181.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.181.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T14:26:38", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3274-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3274-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-4203", "CVE-2022-20166", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_108-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3274-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165189", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3274-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165189);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20166\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3274-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3274-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3274-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012234.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c588e473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4203\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_108-default-1-6.3.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.108.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-03-03T00:53:53", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-2466)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-0812", "CVE-2022-20154", "CVE-2022-20166", "CVE-2022-20368", "CVE-2022-2503", "CVE-2022-2588", "CVE-2022-2639", "CVE-2022-32250", "CVE-2022-34918", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2466.NASL", "href": "https://www.tenable.com/plugins/nessus/165864", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165864);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-0812\",\n \"CVE-2022-2503\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-20154\",\n \"CVE-2022-20166\",\n \"CVE-2022-20368\",\n \"CVE-2022-34918\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-2466)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux\n Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.\n (CVE-2022-0812)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2466\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9bc7f209\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"bpftool-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h1306.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T22:36:45", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2892-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (CVE-2022-21505) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2892-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2892-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164448", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2892-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164448);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1116\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-2639\",\n \"CVE-2022-20166\",\n \"CVE-2022-21505\",\n \"CVE-2022-26365\",\n \"CVE-2022-29581\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2892-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2892-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2892-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause\n memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to\n 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel\n lockdown was enabled (CVE-2022-21505) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202312\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011993.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3acdf8ed\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-150300.99.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-150300.99.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.99.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-22T02:45:33", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2741-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-11T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2741-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-0171", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29581", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2741-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164061", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2741-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164061);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1116\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-20166\",\n \"CVE-2022-21505\",\n \"CVE-2022-26365\",\n \"CVE-2022-29581\",\n \"CVE-2022-32250\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2741-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2741-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2741-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause\n memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to\n 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011866.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?679b3ff7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.75.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.75.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.75.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.75.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.75.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-extra-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-optional-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.75.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.75.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-azure-5.3.18-150300.38.75.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T04:38:18", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2292)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1789", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-20166", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2153", "CVE-2022-26365", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2292.NASL", "href": "https://www.tenable.com/plugins/nessus/165049", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165049);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1789\",\n \"CVE-2022-2153\",\n \"CVE-2022-20132\",\n \"CVE-2022-20154\",\n \"CVE-2022-20166\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2292)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2292\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9697a0a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h806.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h806.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h806.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h806.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-22T08:38:00", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2875-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2875-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-0171", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_90-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2875-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164373", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2875-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164373);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1116\",\n \"CVE-2022-1462\",\n \"CVE-2022-2318\",\n \"CVE-2022-2639\",\n \"CVE-2022-20166\",\n \"CVE-2022-21505\",\n \"CVE-2022-26365\",\n \"CVE-2022-29581\",\n \"CVE-2022-32250\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2875-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2875-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:2875-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause\n memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to\n 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011976.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa442af6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-32250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_90-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-64kb-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.90.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-allwinner-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-altera-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amd-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-amlogic-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-apm-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-arm-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-broadcom-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-cavium-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-exynos-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-freescale-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-hisilicon-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-lg-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-marvell-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-mediatek-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-nvidia-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-qcom-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-renesas-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-rockchip-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-socionext-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-sprd-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-xilinx-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-zte-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-extra-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-64kb-optional-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-devel-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-base-rebuild-5.3.18-150300.59.90.1.150300.18.52.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-optional-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-devel-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-obs-qa-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-vanilla-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.90.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-64kb-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.90.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.90.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dtb-al-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'dtb-zte-5.3.18-150300.59.90.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.90.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_90-default-1-150300.7.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T04:32:23", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2809-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2809-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-26341", "CVE-2021-33655", "CVE-2021-33656", "CVE-2021-4157", "CVE-2022-0171", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33981", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-preempt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-preempt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2809-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164138", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2809-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164138);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-1116\",\n \"CVE-2022-1462\",\n \"CVE-2022-1679\",\n \"CVE-2022-2318\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-21505\",\n \"CVE-2022-26365\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33981\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2809-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2809-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2809-1 advisory.\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause\n memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to\n 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root\n (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD\n CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) (CVE-2022-21505)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-August/011914.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e3ff396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-macros-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-source-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'cluster-md-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150200_24_126-default-1-150200.5.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.126.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T14:04:03", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7444 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel-rt (ALSA-2022:7444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::nfv", "cpe:/o:alma:linux:8::realtime"], "id": "ALMA_LINUX_ALSA-2022-7444.NASL", "href": "https://www.tenable.com/plugins/nessus/167311", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7444.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167311);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7444\");\n\n script_name(english:\"AlmaLinux 8 : kernel-rt (ALSA-2022:7444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7444 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7444.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7444');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T07:10:38", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7444 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:7444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-7444.NASL", "href": "https://www.tenable.com/plugins/nessus/167095", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7444. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167095);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7444\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:7444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7444 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer\n dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c\n (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2096178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2120175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7444');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-04T02:55:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7683 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167155", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7683. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167155);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7683\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7683 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer\n dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c\n (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2062284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2096178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2120175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-23960', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7683');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T22:37:54", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7683 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos", "cpe:/o:alma:linux:8::powertools"], "id": "ALMA_LINUX_ALSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167447", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7683\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7683 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::powertools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-23960', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7683');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T22:41:01", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7683 advisory.\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167577", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167577);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7683 advisory.\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-425.3.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7683');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T00:50:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel.This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Kernel-headers includes the C header files that specify the interfacebetween the Linux kernel and userspace libraries and programs. Theheader files define structures and constants that are needed forbuilding most standard programs and are also needed for rebuilding theglibc package. (CVE-2022-1729)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\n - Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.\n The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 (CVE-2022-23037)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-23T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2022-2384)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-0494", "CVE-2022-0854", "CVE-2022-1012", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1729", "CVE-2022-1789", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-20166", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2153", "CVE-2022-23036", "CVE-2022-23037", "CVE-2022-23038", "CVE-2022-23039", "CVE-2022-23040", "CVE-2022-23041", "CVE-2022-23042", "CVE-2022-26365", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-29581", "CVE-2022-30594", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-2384.NASL", "href": "https://www.tenable.com/plugins/nessus/165388", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165388);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2020-36558\",\n \"CVE-2021-33655\",\n \"CVE-2021-33656\",\n \"CVE-2022-0494\",\n \"CVE-2022-0854\",\n \"CVE-2022-1012\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1729\",\n \"CVE-2022-1789\",\n \"CVE-2022-2153\",\n \"CVE-2022-20132\",\n \"CVE-2022-20154\",\n \"CVE-2022-20166\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-23037\",\n \"CVE-2022-26365\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\",\n \"CVE-2022-29581\",\n \"CVE-2022-30594\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2022-2384)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port\n generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and\n may cause a denial of service. (CVE-2022-1012)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel.This flaw\n allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of\n internal kernel information. (CVE-2022-1353)\n\n - Kernel-headers includes the C header files that specify the interfacebetween the Linux kernel and\n userspace libraries and programs. Theheader files define structures and constants that are needed\n forbuilding most standard programs and are also needed for rebuilding theglibc package. (CVE-2022-1729)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation. (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\n - Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV\n device frontends are using the grant table interfaces for removing access rights of the backends in ways\n being subject to race conditions, resulting in potential data leaks, data corruption by malicious\n backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the\n gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they\n assume that a following removal of the granted access will always succeed, which is not true in case the\n backend has mapped the granted page between those two operations. As a result the backend can keep access\n to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.\n The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of\n a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038\n gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,\n 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no\n longer in use, but the freeing of the related data page is not synchronized with dropping the granted\n access. As a result the backend can keep access to the memory page even after it has been freed and then\n re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to\n revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which\n can be triggered by the backend. CVE-2022-23042 (CVE-2022-23037)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers\n to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2384\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1339d9d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h806.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h806.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h806.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h806.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-08T06:09:37", "description": "An update that solves 7 vulnerabilities and has 7 fixes is\n now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl\n and closing/opening of ttys that could lead to a use-after-free\n (bnc#1201429).\n - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could\n lead to a NULL pointer dereference and general protection fault\n (bnc#1200910).\n - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO\n (bnc#1201635).\n - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT\n (bnc#1201636).\n - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe\n subsystem (bnc#1198829).\n - CVE-2022-20166: Fixed possible out of bounds write due to sprintf\n unsafety that could cause local escalation of privilege (bnc#1200598).\n - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that\n could lead to remote DoS (bnc#1201940).\n\n The following non-security bugs were fixed:\n\n - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926).\n - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926).\n - cifs: To match file servers, make sure the server hostname matches\n (bsc#1201926).\n - cifs: fix memory leak of smb3_fs_context_dup::server_hostname\n (bsc#1201926).\n - cifs: set a minimum of 120s for next dns resolution (bsc#1201926).\n - cifs: use the expiry output of dns_query to schedule next resolution\n (bsc#1201926).\n - kvm: emulate: Fix SETcc emulation function offsets with SLS\n (bsc#1201930).\n - kvm: emulate: do not adjust size of fastop and setcc subroutines\n (bsc#1201930).\n - rpm/*.spec.in: remove backtick usage\n - rpm/constraints.in: skip SLOW_DISK workers for kernel-source\n - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)\n - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut\n module (bsc#1195775)\n - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,\n bsc#1198484)\n - x86/entry: Remove skip_r11rcx (bsc#1201644).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2827=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2827=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2827=1\n\n - SUSE Linux Enterprise Server 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2827=1\n\n - SUSE Linux Enterprise Server 15-SP1-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2827=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP1:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2827=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2827=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2827=1\n\n - SUSE Linux Enterprise High Availability 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2827=1\n\n - SUSE Enterprise Storage 6:\n\n zypper in -t patch SUSE-Storage-6-2022-2827=1\n\n - SUSE CaaS Platform 4.0:\n\n To install this update, use the SUSE CaaS Platform 'skuba' tool. It\n will inform you if it detects new updates and let you then trigger\n updating of the complete cluster in a controlled way.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-36946"], "modified": "2022-08-16T00:00:00", "id": "SUSE-SU-2022:2827-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V45DVMMOTT5ZNFFDNHRMEUCS2P7BUX6L/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:59:44", "description": "An update that solves 16 vulnerabilities, contains one\n feature and has 15 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2022-36946: Fixed an incorrect packet trucation operation which\n could lead to denial of service (bnc#1201940).\n - CVE-2022-29581: Fixed improper update of reference count in net/sched\n that could cause root privilege escalation (bnc#1199665).\n - CVE-2022-20166: Fixed several possible memory safety issues due to\n unsafe operations (bsc#1200598).\n - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could\n lead to a NULL pointer dereference and general protection fault\n (bnc#1200910).\n - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl\n and closing/opening of TTYs that could lead to a use-after-free\n (bnc#1201429).\n - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd\n FBIOPUT_VSCREENINFO (bnc#1201635).\n - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd\n PIO_FONT (bnc#1201636).\n - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy\n (bsc#1201458).\n - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem\n (bnc#1198829).\n - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which\n allowed a local attacker to escalate privileges to root (bnc#1199647).-\n CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler\n in Rose subsystem that allowed unprivileged attackers to crash the\n system (bsc#1201251).\n - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed\n multiple potential data leaks with Block and Network devices when using\n untrusted backends (bsc#1200762).\n\n The following non-security bugs were fixed:\n\n - Fixed a system crash related to the recent RETBLEED mitigation\n (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).\n - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651\n bsc#1200644 bsc#1201954 bsc#1201958).\n - kvm: emulate: do not adjust size of fastop and setcc subroutines\n (bsc#1201930).\n - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature\n (bsc#1199364).\n - bpf: enable BPF type format (BTF) (jsc#SLE-24559).\n - nfs: avoid NULL pointer dereference when there is unflushed data\n (bsc#1201196).\n - hv_netvsc: Add (more) validation for untrusted Hyper-V values\n (bsc#1199364).\n - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).\n - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).\n - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer\n (bsc#1199364).\n - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).\n - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).\n - lkdtm: Disable return thunks in rodata.c (bsc#1178134).\n - net, xdp: Introduce __xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net, xdp: Introduce xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - nvme: consider also host_iface when checking ip options (bsc#1199670).\n - powerpc/mobility: wait for memory transfer to complete (bsc#1201846\n ltc#198761).\n - powerpc/pseries/mobility: set NMI watchdog factor during an LPM\n (bsc#1201846 ltc#198761).\n - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846\n ltc#198761).\n - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).\n - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable\n (bsc#1201956).\n - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test\n (bsc#1201956 bsc#1200521).\n - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE\n (bsc#1201956).\n - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()\n (bsc#1201956).\n - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed\n user input (bsc#1201956).\n - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into\n lpfc_sli_prep_abort_xri() (bsc#1201956).\n - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).\n - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after\n VMID (bsc#1201956).\n - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration\n (bsc#1201956).\n - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb\n (bsc#1201956).\n - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).\n - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()\n (bsc#1201958).\n - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).\n - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).\n - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1201958).\n - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).\n - scsi: qla2xxx: Update manufacturer details (bsc#1201958).\n - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).\n - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).\n - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).\n - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).\n - x86/bugs: Remove apostrophe typo (bsc#1178134).\n - x86/entry: Remove skip_r11rcx (bsc#1201644).\n - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).\n - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue\n (bsc#1201381).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2741=1\n\n - SUSE Linux Enterprise Module for Public Cloud 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-29581", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2022-08-10T00:00:00", "id": "SUSE-SU-2022:2741-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EGXCNXU52CY2RQC5VCVZFGNLQODOA5TA/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T12:08:13", "description": "An update that solves 17 vulnerabilities, contains one\n feature and has 26 fixes is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various\n security bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds\n write in reserve_sfa_size() (bsc#1202154).\n - CVE-2020-36516: Fixed TCP session data injection vulnerability via the\n mixed IPID assignment method (bnc#1196616).\n - CVE-2022-36946: Fixed an incorrect packet trucation operation which\n could lead to denial of service (bnc#1201940).\n - CVE-2022-29581: Fixed improper update of Reference Count in net/sched\n that could cause root privilege escalation (bnc#1199665).\n - CVE-2022-20166: Fixed several possible memory safety issues due to\n unsafe operations (bsc#1200598).\n - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could\n lead to a NULL pointer dereference and general protection fault\n (bnc#1200910).\n - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl\n and closing/opening of TTYs could lead to a use-after-free (bnc#1201429).\n - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy\n (bsc#1201458).\n - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd\n PIO_FONT (bnc#1201636).\n - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO\n (bnc#1201635).\n - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem\n (bnc#1198829).\n - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which\n allowed a local attacker to cause memory corruption and escalate\n privileges to root (bnc#1199647).\n - CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler\n in Rose subsystem that allowed unprivileged attackers to crash the\n system (bsc#1201251).\n - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed\n multiple potential data leaks with Block and Network devices when using\n untrusted backends (bsc#1200762).\n\n The following non-security bugs were fixed:\n\n - Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All\n are reports of the same problem - the IBRS_* regs push/popping was wrong\n but it needs 1b331eeea7b8 (\"x86/entry: Remove skip_r11rcx\") too.\n - ACPI: APEI: Better fix to avoid spamming the console with old error logs\n (git-fixes).\n - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).\n - ACPI: video: Shortening quirk list by identifying Clevo by board_name\n only (git-fixes).\n - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).\n - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model\n (git-fixes).\n - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop\n (git-fixes).\n - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221\n (git-fixes).\n - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671\n (git-fixes).\n - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array\n (git-fixes).\n - ASoC: Intel: Skylake: Correct the ssp rate discovery in\n skl_get_ssp_clks() (git-fixes).\n - ASoC: Remove unused hw_write_t type (git-fixes).\n - ASoC: cs47l15: Fix event generation for low power mux control\n (git-fixes).\n - ASoC: madera: Fix event generation for OUT1 demux (git-fixes).\n - ASoC: madera: Fix event generation for rate controls (git-fixes).\n - ASoC: ops: Fix off by one in range control validation (git-fixes).\n - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).\n - ASoC: wm5110: Fix DRE control (git-fixes).\n - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put\n (git-fixes).\n - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).\n - Fixed a regression where smart batteries would not be detected on Mac\n (bsc#1201206).\n - Fixed an issue where qla2xxx would prevent nvme port discovery\n (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).\n - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR\n (git-fixes).\n - FDDI: defxx: Make MMIO the configuration default except for EISA\n (git-fixes).\n - Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the\n same problem - the IBRS_* regs push/popping was wrong but it needs\n 1b331eeea7b8 (\"x86/entry: Remove skip_r11rcx\") too.\n - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).\n - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs\n (git-fixes).\n - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access\n exit (git-fixes).\n - KVM: apic: avoid calculating pending eoi from an uninitialized val\n (git-fixes).\n - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2\n (bsc#1201442)\n - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)\n - KVM: emulate: do not adjust size of fastop and setcc subroutines\n (bsc#1201930).\n - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs\n (git-fixes).\n - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1\n (git-fixes).\n - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).\n - KVM: x86: Fix split-irqchip vs interrupt injection window request\n (git-fixes).\n - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks\n (git-fixes).\n - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).\n - NFC: nxp-nci: do not print header length mismatch on i2c error\n (git-fixes).\n - PCI/portdrv: Do not disable AER reporting in\n get_port_device_capability() (git-fixes).\n - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()\n (git-fixes).\n - PCI: dwc: Always enable CDM check if \"snps,enable-cdm-check\" exists\n (git-fixes).\n - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).\n - PCI: dwc: Disable outbound windows only for controllers using iATU\n (git-fixes).\n - PCI: dwc: Stop link on host_init errors and de-initialization\n (git-fixes).\n - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).\n - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).\n - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()\n (git-fixes).\n - PCI: tegra194: Fix Root Port interrupt handling (git-fixes).\n - PCI: tegra194: Fix link up retry sequence (git-fixes).\n - PM: runtime: Remove link state checks in rpm_get/put_supplier()\n (git-fixes).\n - USB: Follow-up to SPDX identifiers addition - remove now useless\n comments (git-fixes).\n - USB: serial: fix tty-port initialized comments (git-fixes).\n - USB: serial: ftdi_sio: add Belimo device ids (git-fixes).\n - arm64 module: set plt* section addresses to 0x0 (git-fixes)\n - arm64: asm: Add new-style position independent function annotations\n (git-fixes)\n - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return\n (git-fixes)\n - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function\n (git-fixes)\n - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)\n - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)\n - arm64: dts: mcbin: support 2W SFP modules (git-fixes)\n - arm64: fix compat syscall return truncation (git-fixes)\n - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)\n - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA\n (git-fixes)\n - arm64: module: remove (NOLOAD) from linker script (git-fixes)\n - arm64: module: rework special section handling (git-fixes)\n - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)\n - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)\n - arm64: ptrace: Override SPSR.SS when single-stepping is enabled\n (git-fixes)\n - arm64: stackleak: fix current_top_of_stack() (git-fixes)\n - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing\n (git-fixes)\n - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)\n - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).\n - ath10k: do not enforce interrupt trigger type (git-fixes).\n - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).\n - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).\n - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN\n (git-fixes).\n - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).\n - block: Fix fsync always failed if once failed (git-fixes).\n - block: Fix wrong offset in bio_truncate() (git-fixes).\n - block: bio-integrity: Advance seed correctly for larger interval sizes\n (git-fixes).\n - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit\n (git-fixes).\n - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature\n (bsc#1199364).\n - bpf: enable BPF type format (BTF) (jsc#SLE-24559).\n - bus: hisi_lpc: fix missing platform_device_put() in\n hisi_lpc_acpi_probe() (git-fixes).\n - can: Break loopback loop on loopback documentation (git-fixes).\n - can: error: specify the values of data[5..7] of CAN error frames\n (git-fixes).\n - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).\n - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).\n - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: m_can: process interrupt only when not runtime suspended\n (git-fixes).\n - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: pch_can: pch_can_error(): initialize errc before using it\n (git-fixes).\n - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).\n - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain\n (git-fixes).\n - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).\n - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).\n - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).\n - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).\n - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks\n (git-fixes).\n - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).\n - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the\n (git-fixes)\n - crypto: qat - disable registration of algorithms (git-fixes).\n - crypto: qat - fix memory leak in RSA (git-fixes).\n - crypto: qat - remove dma_free_coherent() for DH (git-fixes).\n - crypto: qat - remove dma_free_coherent() for RSA (git-fixes).\n - crypto: qat - set to zero DH parameters before free (git-fixes).\n - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).\n - dm btree remove: assign new_root only when removal succeeds (git-fixes).\n - dm btree remove: fix use after free in rebalance_children() (git-fixes).\n - dm bufio: subtract the number of initial sectors in\n dm_bufio_get_device_size (git-fixes).\n - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()\n (git-fixes).\n - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).\n - dm crypt: make printing of the key constant-time (git-fixes).\n - dm integrity: conditionally disable \"recalculate\" feature (git-fixes).\n - dm integrity: fix a crash if \"recalculate\" used without \"internal_hash\"\n (git-fixes).\n - dm integrity: fix error code in dm_integrity_ctr() (git-fixes).\n - dm integrity: fix memory corruption when tag_size is less than digest\n size (git-fixes).\n - dm integrity: fix the maximum number of arguments (git-fixes).\n - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).\n - dm persistent data: packed struct should have an aligned() attribute too\n (git-fixes).\n - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload\n sequences (git-fixes).\n - dm snapshot: fix crash with transient storage and zero chunk size\n (git-fixes).\n - dm snapshot: flush merged data before committing metadata (git-fixes).\n - dm snapshot: properly fix a crash when an origin has no snapshots\n (git-fixes).\n - dm space map common: fix division bug in sm_ll_find_free_block()\n (git-fixes).\n - dm stats: add cond_resched when looping over entries (git-fixes).\n - dm verity: fix FEC for RS roots unaligned to block size (git-fixes).\n - dm: fix mempool NULL pointer race when completing IO (git-fixes).\n - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly\n (git-fixes).\n - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).\n - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).\n - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate\n (git-fixes).\n - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate\n (git-fixes).\n - do not call utsname() after ->nsproxy is NULL (bsc#1201196).\n - drbd: fix potential silent data corruption (git-fixes).\n - driver core: fix potential deadlock in __driver_attach (git-fixes).\n - drivers/net: Fix kABI in tun.c (git-fixes).\n - drivers: net: fix memory leak in atusb_probe (git-fixes).\n - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).\n - drm/amd/display: Enable building new display engine with KCOV enabled\n (git-fixes).\n - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).\n - drm/doc: Fix comment typo (git-fixes).\n - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()\n failed (git-fixes).\n - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).\n - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).\n - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()\n (git-fixes).\n - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).\n - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function\n (git-fixes).\n - drm/mediatek: dpi: Only enable dpi after the bridge is enabled\n (git-fixes).\n - drm/mediatek: dpi: Remove output format of YUV (git-fixes).\n - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).\n - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform\n (git-fixes).\n - drm/msm/mdp5: Fix global state lock backoff (git-fixes).\n - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).\n - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).\n - drm/panfrost: Put mapping instead of shmem obj on\n panfrost_mmu_map_fault_addr() error (git-fixes).\n - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).\n - drm/radeon: fix potential buffer overflow in\n ni_set_mc_special_registers() (git-fixes).\n - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).\n - drm/rockchip: vop: Do not crash for invalid duplicate_state()\n (git-fixes).\n - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).\n - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable\n iteration (git-fixes).\n - drm/vc4: dsi: Correct DSI divider calculations (git-fixes).\n - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).\n - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes\n (git-fixes).\n - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).\n - drm/vc4: plane: Fix margin calculations for the right/bottom edges\n (git-fixes).\n - drm/vc4: plane: Remove subpixel positioning check (git-fixes).\n - drm: adv7511: override i2c address of cec before accessing it\n (git-fixes).\n - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).\n - drm: bridge: sii8620: fix possible off-by-one (git-fixes).\n - fbcon: Disallow setting font bigger than screen size (git-fixes).\n - fbcon: Prevent that screen size is smaller than font size (git-fixes).\n - fbdev: fbmem: Fix logo center image dx issue (git-fixes).\n - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).\n - fpga: altera-pr-ip: fix unsigned comparison with less than zero\n (git-fixes).\n - ftgmac100: Restart MAC HW once (git-fixes).\n - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()\n (git-fixes).\n - gpio: pca953x: only use single read/write for No AI mode (git-fixes).\n - gpio: pca953x: use the correct range when do regmap sync (git-fixes).\n - gpio: pca953x: use the correct register address when regcache sync\n during init (git-fixes).\n - hex2bin: make the function hex_to_bin constant-time (git-fixes).\n - hv_netvsc: Add (more) validation for untrusted Hyper-V values\n (bsc#1199364).\n - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).\n - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).\n - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer\n (bsc#1199364).\n - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).\n - i2c: Fix a potential use after free (git-fixes).\n - i2c: cadence: Change large transfer count reset logic to be\n unconditional (git-fixes).\n - i2c: cadence: Support PEC for SMBus block read (git-fixes).\n - i2c: cadence: Unregister the clk notifier in error path (git-fixes).\n - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).\n - ida: do not use BUG_ON() for debugging (git-fixes).\n - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).\n - iio: accel: bma220: Fix alignment for DMA safety (git-fixes).\n - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).\n - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1027: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max11100: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1118: Fix alignment for DMA safety (git-fixes).\n - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).\n - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).\n - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large\n (git-fixes).\n - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).\n - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).\n - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).\n - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).\n - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).\n - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).\n - ima: Fix a potential integer overflow in ima_appraise_measurement\n (git-fixes).\n - ima: Fix potential memory leak in ima_init_crypto() (git-fixes).\n - intel_th: Fix a resource leak in an error handling path (git-fixes).\n - intel_th: msu-sink: Potential dereference of null pointer (git-fixes).\n - intel_th: msu: Fix vmalloced buffers (git-fixes).\n - kABI workaround for rtsx_usb (git-fixes).\n - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).\n - lib/string.c: implement stpcpy (git-fixes).\n - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check\n (git-fixes).\n - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).\n - linux/random.h: Use false with bool (git-fixes).\n - lkdtm: Disable return thunks in rodata.c (bsc#1178134).\n - macvlan: remove redundant null check on data (git-fixes).\n - md/bitmap: wait for external bitmap writes to complete during tear down\n (git-fixes).\n - md/raid0: Ignore RAID0 layout if the second zone has only one device\n (git-fixes).\n - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).\n - md: bcache: check the return value of kzalloc() in\n detached_dev_do_request() (git-fixes).\n - media: hdpvr: fix error value returns in hdpvr_read (git-fixes).\n - media: rc: increase rc-mm tolerance and add debug message (git-fixes).\n - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle\n (git-fixes).\n - media: rtl28xxu: add missing sleep before probing slave demod\n (git-fixes).\n - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).\n - media: smipcie: fix interrupt handling and IR timeout (git-fixes).\n - media: tw686x: Register the irq at the end of probe (git-fixes).\n - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()\n (git-fixes).\n - media: v4l2-mem2mem: always consider OUTPUT queue during poll\n (git-fixes).\n - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).\n - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()\n (git-fixes).\n - memregion: Fix memregion_free() fallback definition (git-fixes).\n - memstick/ms_block: Fix a memory leak (git-fixes).\n - memstick/ms_block: Fix some incorrect memory allocation (git-fixes).\n - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).\n - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).\n - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer\n (git-fixes).\n - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).\n - misc: rtsx_usb: use separate command and response buffers (git-fixes).\n - mm: fix page reference leak in soft_offline_page() (git fixes\n (mm/memory-failure)).\n - mmc: cavium-octeon: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).\n - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch\n (git-fixes).\n - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle\n (git-fixes).\n - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg\n (git-fixes).\n - net, xdp: Introduce __xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net, xdp: Introduce xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net/mlx5e: When changing XDP program without reset, take refs for XSK\n RQs (git-fixes).\n - net/sonic: Fix a resource leak in an error handling path in\n 'jazz_sonic_probe()' (git-fixes).\n - net/sonic: Fix some resource leaks in error handling paths (git-fixes).\n - net: ag71xx: remove unnecessary MTU reservation (git-fixes).\n - net: allwinner: Fix some resources leak in the error handling path of\n the probe and in the remove function (git-fixes).\n - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning\n (git-fixes).\n - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP\n (git-fixes).\n - net: amd-xgbe: Reset link when the link never comes back (git-fixes).\n - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout\n (git-fixes).\n - net: axienet: Handle deferred probe on clock properly (git-fixes).\n - net: dsa: b53: fix an off by one in checking \"vlan->vid\" (git-fixes).\n - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).\n - net: dsa: bcm_sf2: put device node before return (git-fixes).\n - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE\n (git-fixes).\n - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock\n (git-fixes).\n - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets\n (git-fixes).\n - net: enetc: keep RX ring consumer index in sync with hardware\n (git-fixes).\n - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).\n - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).\n - net: ftgmac100: Fix crash when removing driver (git-fixes).\n - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).\n - net: hns3: fix error mask definition of flow director (git-fixes).\n - net: hso: bail out on interrupt URB allocation failure (git-fixes).\n - net: lapbether: Prevent racing when checking whether the netif is\n running (git-fixes).\n - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).\n - net: ll_temac: Fix potential NULL dereference in temac_probe()\n (git-fixes).\n - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).\n - net: macb: add function to disable all macb clocks (git-fixes).\n - net: macb: restore cmp registers on resume path (git-fixes).\n - net: macb: unprepare clocks in case of failure (git-fixes).\n - net: mscc: Fix OF_MDIO config check (git-fixes).\n - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).\n - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).\n - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).\n - net: stmmac: Modify configuration method of EEE timers (git-fixes).\n - net: stmmac: Use resolved link config in mac_link_up() (git-fixes).\n - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).\n - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).\n - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).\n - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10\n (git-fixes).\n - net: stmmac: fix watchdog timeout during suspend/resume stress test\n (git-fixes).\n - net: stmmac: stop each tx channel independently (git-fixes).\n - net: tun: set tun->dev->addr_len during TUNSETLINK processing\n (git-fixes).\n - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).\n - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).\n - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).\n - net: usb: ax88179_178a: remove redundant assignment to variable ret\n (git-fixes).\n - net: usb: ax88179_178a: write mac to hardware in get_mac_addr\n (git-fixes).\n - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).\n - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).\n - net: usb: use eth_hw_addr_set() (git-fixes).\n - nvme: consider also host_iface when checking ip options (bsc#1199670).\n - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).\n - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).\n - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).\n - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).\n - platform/olpc: Fix uninitialized data in debugfs write (git-fixes).\n - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).\n - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe\n (git-fixes).\n - powerpc/mobility: wait for memory transfer to complete (bsc#1201846\n ltc#198761).\n - powerpc/pseries/mobility: set NMI watchdog factor during an LPM\n (bsc#1201846 ltc#198761).\n - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846\n ltc#198761).\n - profiling: fix shift-out-of-bounds bugs (git fixes).\n - r8169: fix accessing unset transport header (git-fixes).\n - random: document add_hwgenerator_randomness() with other input functions\n (git-fixes).\n - random: fix typo in comments (git-fixes).\n - random: remove useless header comment (git fixes).\n - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).\n - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n (git-fixes).\n - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)\n - sched/fair: Revise comment about lb decision matrix (git fixes\n (sched/fair)).\n - sched/membarrier: fix missing local execution of ipi_sync_rq_state()\n (git fixes (sched/membarrier)).\n - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).\n - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).\n - scsi: core: Only put parent device if host state differs from\n SHOST_CREATED (git-fixes).\n - scsi: core: Put .shost_dev in failure path if host state changes to\n RUNNING (git-fixes).\n - scsi: core: Put LLD module refcnt after SCSI device is released\n (git-fixes).\n - scsi: core: Retry I/O for Notify (Enable Spinup) Required error\n (git-fixes).\n - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).\n - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable\n (bsc#1201956).\n - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test\n (bsc#1201956 bsc#1200521).\n - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE\n (bsc#1201956).\n - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()\n (bsc#1201956).\n - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed\n user input (bsc#1201956).\n - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into\n lpfc_sli_prep_abort_xri() (bsc#1201956).\n - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).\n - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after\n VMID (bsc#1201956).\n - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration\n (bsc#1201956).\n - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb\n (bsc#1201956).\n - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).\n - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()\n (bsc#1201958).\n - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).\n - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).\n - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1201958).\n - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).\n - scsi: qla2xxx: Update manufacturer details (bsc#1201958).\n - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).\n - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).\n - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).\n - scsi: scsi_debug: Sanity check block descriptor length in\n resp_mode_select() (git-fixes).\n - scsi: sd: Fix potential NULL pointer dereference (git-fixes).\n - scsi: ufs: Release clock if DMA map fails (git-fixes).\n - scsi: ufs: handle cleanup correctly on devm_reset_control_get error\n (git-fixes).\n - serial: 8250: fix return error code in serial8250_request_std_resource()\n (git-fixes).\n - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).\n - serial: stm32: Clear prev values before setting RTS delays (git-fixes).\n - soc: fsl: guts: machine variable might be unset (git-fixes).\n - soc: ixp4xx/npe: Fix unused match warning (git-fixes).\n - soundwire: bus_type: fix remove and shutdown support (git-fixes).\n - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry\n (git-fixes).\n - spi: amd: Limit max transfer and message size (git-fixes).\n - staging: rtl8192u: Fix sleep in atomic context bug in\n dm_fsync_timer_callback (git-fixes).\n - sysctl: Fix data races in proc_dointvec() (git-fixes).\n - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).\n - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).\n - sysctl: Fix data races in proc_douintvec() (git-fixes).\n - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).\n - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).\n - thermal/tools/tmon: Include pthread and time headers in tmon.h\n (git-fixes).\n - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes\n (kernel/time)).\n - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).\n - usb: dwc3: gadget: Fix event pending check (git-fixes).\n - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).\n - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).\n - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).\n - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).\n - usb: typec: add missing uevent when partner support PD (git-fixes).\n - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion\n (git-fixes).\n - usb: xhci: tegra: Fix error check (git-fixes).\n - usbnet: fix memory leak in error case (git-fixes).\n - video: of_display_timing.h: include errno.h (git-fixes).\n - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).\n - virtio-net: fix the race between refill work and close (git-fixes).\n - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).\n - virtio_mmio: Restore guest page size on resume (git-fixes).\n - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).\n - wifi: iwlegacy: 4965: fix potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n (git-fixes).\n - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).\n - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).\n - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).\n - wifi: p54: add missing parentheses in p54_flush() (git-fixes).\n - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()\n (git-fixes).\n - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n (git-fixes).\n - wifi: wil6210: debugfs: fix uninitialized variable use in\n `wil_write_file_wmi()` (git-fixes).\n - x86/bugs: Remove apostrophe typo (bsc#1178134).\n - x86/entry: Remove skip_r11rcx (bsc#1201644).\n - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).\n - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).\n - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue\n (bsc#1201381).\n - xen: detect uninitialized xenbus in xenbus_init (git-fixes).\n - xen: do not continue xenstore initialization in case of errors\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2892=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2022-09-01T00:00:00", "id": "SUSE-SU-2022:2892-2", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LH4WFZ3E6DILZLM6JI4LXBO3XD3KCL2U/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-08T06:09:37", "description": "An update that solves 18 vulnerabilities, contains one\n feature and has 18 fixes is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2020-36516: Fixed TCP session data injection vulnerability via the\n mixed IPID assignment method (bnc#1196616).\n - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl\n and closing/opening of ttys that could lead to a use-after-free\n (bnc#1201429).\n - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could\n lead to a NULL pointer dereference and general protection fault\n (bnc#1200910).\n - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO\n (bnc#1201635).\n - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT\n (bnc#1201636).\n - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which\n allowed a local attacker to cause memory corruption and escalate\n privileges to root (bnc#1199647).\n - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe\n subsystem (bnc#1198829).\n - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer\n handler in net/rose/rose_timer.c that allow attackers to crash the\n system without any privileges (bsc#1201251).\n - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds\n write in reserve_sfa_size() (bsc#1202154).\n - CVE-2022-20166: Fixed possible out of bounds write due to sprintf\n unsafety that could cause local escalation of privilege (bnc#1200598)\n - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy\n (bsc#1201458).\n - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed\n multiple potential data leaks with Block and Network devices when using\n untrusted backends (bsc#1200762).\n - CVE-2022-29581: Fixed improper update of Reference Count in net/sched\n that could cause root privilege escalation (bnc#1199665).\n - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c\n that could allow local privilege escalation (bnc#1200015).\n - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that\n could lead to remote DoS (bnc#1201940).\n\n The following non-security bugs were fixed:\n\n - ACPI: APEI: Better fix to avoid spamming the console with old error logs\n (git-fixes).\n - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).\n - ACPI: video: Shortening quirk list by identifying Clevo by board_name\n only (git-fixes).\n - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).\n - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model\n (git-fixes).\n - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop\n (git-fixes).\n - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221\n (git-fixes).\n - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671\n (git-fixes).\n - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array\n (git-fixes).\n - ASoC: Intel: Skylake: Correct the ssp rate discovery in\n skl_get_ssp_clks() (git-fixes).\n - ASoC: Remove unused hw_write_t type (git-fixes).\n - ASoC: cs47l15: Fix event generation for low power mux control\n (git-fixes).\n - ASoC: madera: Fix event generation for OUT1 demux (git-fixes).\n - ASoC: madera: Fix event generation for rate controls (git-fixes).\n - ASoC: ops: Fix off by one in range control validation (git-fixes).\n - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).\n - ASoC: wm5110: Fix DRE control (git-fixes).\n - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put\n (git-fixes).\n - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).\n - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR\n (git-fixes).\n - FDDI: defxx: Make MMIO the configuration default except for EISA\n (git-fixes).\n - Fixed a system crash related to the recent RETBLEED mitigation\n (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).\n - Fixed battery detection problem on macbooks (bnc#1201206).\n - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).\n - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).\n - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs\n (git-fixes).\n - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access\n exit (git-fixes).\n - KVM: apic: avoid calculating pending eoi from an uninitialized val\n (git-fixes).\n - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2\n (bsc#1201442)\n - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)\n - KVM: emulate: do not adjust size of fastop and setcc subroutines\n (bsc#1201930).\n - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs\n (git-fixes).\n - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1\n (git-fixes).\n - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in\n intel_pmu_refresh() (git-fixes).\n - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).\n - KVM: x86: Fix split-irqchip vs interrupt injection window request\n (git-fixes).\n - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks\n (git-fixes).\n - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is\n adjusted (git-fixes).\n - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).\n - NFC: nxp-nci: do not print header length mismatch on i2c error\n (git-fixes).\n - PCI/portdrv: Do not disable AER reporting in\n get_port_device_capability() (git-fixes).\n - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()\n (git-fixes).\n - PCI: dwc: Always enable CDM check if \"snps,enable-cdm-check\" exists\n (git-fixes).\n - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).\n - PCI: dwc: Disable outbound windows only for controllers using iATU\n (git-fixes).\n - PCI: dwc: Stop link on host_init errors and de-initialization\n (git-fixes).\n - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).\n - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).\n - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()\n (git-fixes).\n - PCI: tegra194: Fix Root Port interrupt handling (git-fixes).\n - PCI: tegra194: Fix link up retry sequence (git-fixes).\n - PM: runtime: Remove link state checks in rpm_get/put_supplier()\n (git-fixes).\n - Sort in RETbleed backport into the sorted section Now that it is\n upstream..\n - USB: Follow-up to SPDX identifiers addition - remove now useless\n comments (git-fixes).\n - USB: serial: fix tty-port initialized comments (git-fixes).\n - USB: serial: ftdi_sio: add Belimo device ids (git-fixes).\n - amd-xgbe: Update DMA coherency values (git-fixes).\n - arm64 module: set plt* section addresses to 0x0 (git-fixes)\n - arm64: Extend workaround for erratum 1024718 to all versions of\n (git-fixes)\n - arm64: asm: Add new-style position independent function annotations\n (git-fixes)\n - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return\n (git-fixes)\n - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function\n (git-fixes)\n - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)\n - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)\n - arm64: dts: mcbin: support 2W SFP modules (git-fixes)\n - arm64: fix compat syscall return truncation (git-fixes)\n - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)\n - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA\n (git-fixes)\n - arm64: module: remove (NOLOAD) from linker script (git-fixes)\n - arm64: module: rework special section handling (git-fixes)\n - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)\n - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)\n - arm64: ptrace: Override SPSR.SS when single-stepping is enabled\n (git-fixes)\n - arm64: stackleak: fix current_top_of_stack() (git-fixes)\n - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing\n (git-fixes)\n - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)\n - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).\n - ath10k: do not enforce interrupt trigger type (git-fixes).\n - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).\n - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).\n - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN\n (git-fixes).\n - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).\n - block: Fix fsync always failed if once failed (git-fixes).\n - block: Fix wrong offset in bio_truncate() (git-fixes).\n - block: bio-integrity: Advance seed correctly for larger interval sizes\n (git-fixes).\n - block: do not delete queue kobject before its children (git-fixes).\n - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit\n (git-fixes).\n - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature\n (bsc#1199364).\n - bpf: Add config to allow loading modules with BTF mismatches\n (jsc#SLE-24559).\n - bpf: Add in-kernel split BTF support (jsc#SLE-24559).\n - bpf: Assign ID to vmlinux BTF and return extra info for BTF in\n GET_OBJ_INFO (jsc#SLE-24559).\n - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).\n - bpf: Load and verify kernel module BTFs (jsc#SLE-24559).\n - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).\n - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).\n - bus: hisi_lpc: fix missing platform_device_put() in\n hisi_lpc_acpi_probe() (git-fixes).\n - can: Break loopback loop on loopback documentation (git-fixes).\n - can: error: specify the values of data[5..7] of CAN error frames\n (git-fixes).\n - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).\n - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).\n - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: pch_can: pch_can_error(): initialize errc before using it\n (git-fixes).\n - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).\n - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain\n (git-fixes).\n - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).\n - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).\n - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).\n - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).\n - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks\n (git-fixes).\n - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).\n - config: enable DEBUG_INFO_BTF This option allows users to access the btf\n type information for vmlinux but not kernel modules.\n - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the\n (git-fixes)\n - crypto: qat - disable registration of algorithms (git-fixes).\n - crypto: qat - fix memory leak in RSA (git-fixes).\n - crypto: qat - remove dma_free_coherent() for DH (git-fixes).\n - crypto: qat - remove dma_free_coherent() for RSA (git-fixes).\n - crypto: qat - set to zero DH parameters before free (git-fixes).\n - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).\n - dm btree remove: assign new_root only when removal succeeds (git-fixes).\n - dm btree remove: fix use after free in rebalance_children() (git-fixes).\n - dm bufio: subtract the number of initial sectors in\n dm_bufio_get_device_size (git-fixes).\n - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()\n (git-fixes).\n - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).\n - dm crypt: make printing of the key constant-time (git-fixes).\n - dm integrity: conditionally disable \"recalculate\" feature (git-fixes).\n - dm integrity: fix a crash if \"recalculate\" used without \"internal_hash\"\n (git-fixes).\n - dm integrity: fix error code in dm_integrity_ctr() (git-fixes).\n - dm integrity: fix memory corruption when tag_size is less than digest\n size (git-fixes).\n - dm integrity: fix the maximum number of arguments (git-fixes).\n - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).\n - dm persistent data: packed struct should have an aligned() attribute too\n (git-fixes).\n - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload\n sequences (git-fixes).\n - dm snapshot: fix crash with transient storage and zero chunk size\n (git-fixes).\n - dm snapshot: flush merged data before committing metadata (git-fixes).\n - dm snapshot: properly fix a crash when an origin has no snapshots\n (git-fixes).\n - dm space map common: fix division bug in sm_ll_find_free_block()\n (git-fixes).\n - dm stats: add cond_resched when looping over entries (git-fixes).\n - dm verity: fix FEC for RS roots unaligned to block size (git-fixes).\n - dm: fix mempool NULL pointer race when completing IO (git-fixes).\n - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly\n (git-fixes).\n - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).\n - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).\n - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate\n (git-fixes).\n - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate\n (git-fixes).\n - do not call utsname() after ->nsproxy is NULL (bsc#1201196).\n - drbd: fix potential silent data corruption (git-fixes).\n - driver core: fix potential deadlock in __driver_attach (git-fixes).\n - drivers/net: Fix kABI in tun.c (git-fixes).\n - drivers: net: fix memory leak in atusb_probe (git-fixes).\n - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).\n - drm/amd/display: Enable building new display engine with KCOV enabled\n (git-fixes).\n - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).\n - drm/doc: Fix comment typo (git-fixes).\n - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()\n failed (git-fixes).\n - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).\n - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).\n - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()\n (git-fixes).\n - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).\n - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function\n (git-fixes).\n - drm/mediatek: dpi: Only enable dpi after the bridge is enabled\n (git-fixes).\n - drm/mediatek: dpi: Remove output format of YUV (git-fixes).\n - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).\n - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform\n (git-fixes).\n - drm/msm/mdp5: Fix global state lock backoff (git-fixes).\n - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).\n - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).\n - drm/panfrost: Put mapping instead of shmem obj on\n panfrost_mmu_map_fault_addr() error (git-fixes).\n - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).\n - drm/radeon: fix potential buffer overflow in\n ni_set_mc_special_registers() (git-fixes).\n - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).\n - drm/rockchip: vop: Do not crash for invalid duplicate_state()\n (git-fixes).\n - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).\n - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable\n iteration (git-fixes).\n - drm/vc4: dsi: Correct DSI divider calculations (git-fixes).\n - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).\n - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes\n (git-fixes).\n - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).\n - drm/vc4: plane: Fix margin calculations for the right/bottom edges\n (git-fixes).\n - drm/vc4: plane: Remove subpixel positioning check (git-fixes).\n - drm: adv7511: override i2c address of cec before accessing it\n (git-fixes).\n - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).\n - drm: bridge: sii8620: fix possible off-by-one (git-fixes).\n - fbcon: Disallow setting font bigger than screen size (git-fixes).\n - fbcon: Prevent that screen size is smaller than font size (git-fixes).\n - fbdev: fbmem: Fix logo center image dx issue (git-fixes).\n - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).\n - fpga: altera-pr-ip: fix unsigned comparison with less than zero\n (git-fixes).\n - ftgmac100: Restart MAC HW once (git-fixes).\n - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()\n (git-fixes).\n - gpio: pca953x: only use single read/write for No AI mode (git-fixes).\n - gpio: pca953x: use the correct range when do regmap sync (git-fixes).\n - gpio: pca953x: use the correct register address when regcache sync\n during init (git-fixes).\n - hex2bin: make the function hex_to_bin constant-time (git-fixes).\n - hv_netvsc: Add (more) validation for untrusted Hyper-V values\n (bsc#1199364).\n - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).\n - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).\n - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer\n (bsc#1199364).\n - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).\n - i2c: Fix a potential use after free (git-fixes).\n - i2c: cadence: Change large transfer count reset logic to be\n unconditional (git-fixes).\n - i2c: cadence: Support PEC for SMBus block read (git-fixes).\n - i2c: cadence: Unregister the clk notifier in error path (git-fixes).\n - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).\n - ida: do not use BUG_ON() for debugging (git-fixes).\n - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).\n - iio: accel: bma220: Fix alignment for DMA safety (git-fixes).\n - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).\n - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1027: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max11100: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1118: Fix alignment for DMA safety (git-fixes).\n - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).\n - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).\n - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large\n (git-fixes).\n - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).\n - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).\n - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).\n - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).\n - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).\n - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).\n - ima: Fix a potential integer overflow in ima_appraise_measurement\n (git-fixes).\n - ima: Fix potential memory leak in ima_init_crypto() (git-fixes).\n - intel_th: Fix a resource leak in an error handling path (git-fixes).\n - intel_th: msu-sink: Potential dereference of null pointer (git-fixes).\n - intel_th: msu: Fix vmalloced buffers (git-fixes).\n - kABI workaround for rtsx_usb (git-fixes).\n - kabi: create module private struct to hold btf size/data (jsc#SLE-24559).\n - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports\n it (jsc#SLE-24559).\n - kbuild: Skip module BTF generation for out-of-tree external modules\n (jsc#SLE-24559).\n - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).\n - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild\n (jsc#SLE-24559).\n - kbuild: rebuild modules when module linker scripts are updated\n (jsc#SLE-24559).\n - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).\n - kbuild: split final module linking out into Makefile.modfinal\n (jsc#SLE-24559).\n - lib/string.c: implement stpcpy (git-fixes).\n - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check\n (git-fixes).\n - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).\n - linux/random.h: Use false with bool (git-fixes).\n - lkdtm: Disable return thunks in rodata.c (bsc#1178134).\n - macvlan: remove redundant null check on data (git-fixes).\n - md/bitmap: wait for external bitmap writes to complete during tear down\n (git-fixes).\n - md/raid0: Ignore RAID0 layout if the second zone has only one device\n (git-fixes).\n - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).\n - md: bcache: check the return value of kzalloc() in\n detached_dev_do_request() (git-fixes).\n - media: hdpvr: fix error value returns in hdpvr_read (git-fixes).\n - media: rc: increase rc-mm tolerance and add debug message (git-fixes).\n - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle\n (git-fixes).\n - media: rtl28xxu: add missing sleep before probing slave demod\n (git-fixes).\n - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).\n - media: smipcie: fix interrupt handling and IR timeout (git-fixes).\n - media: tw686x: Register the irq at the end of probe (git-fixes).\n - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()\n (git-fixes).\n - media: v4l2-mem2mem: always consider OUTPUT queue during poll\n (git-fixes).\n - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).\n - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()\n (git-fixes).\n - memregion: Fix memregion_free() fallback definition (git-fixes).\n - memstick/ms_block: Fix a memory leak (git-fixes).\n - memstick/ms_block: Fix some incorrect memory allocation (git-fixes).\n - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).\n - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).\n - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer\n (git-fixes).\n - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).\n - misc: rtsx_usb: use separate command and response buffers (git-fixes).\n - mm/slub: add missing TID updates on slab deactivation (git-fixes).\n - mm: fix page reference leak in soft_offline_page() (git fixes\n (mm/memory-failure)).\n - mmc: cavium-octeon: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).\n - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch\n (git-fixes).\n - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle\n (git-fixes).\n - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg\n (git-fixes).\n - net, xdp: Introduce __xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net, xdp: Introduce xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net/mlx5e: When changing XDP program without reset, take refs for XSK\n RQs (git-fixes).\n - net/sonic: Fix some resource leaks in error handling paths (git-fixes).\n - net: ag71xx: remove unnecessary MTU reservation (git-fixes).\n - net: allwinner: Fix some resources leak in the error handling path of\n the probe and in the remove function (git-fixes).\n - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning\n (git-fixes).\n - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP\n (git-fixes).\n - net: amd-xgbe: Reset link when the link never comes back (git-fixes).\n - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout\n (git-fixes).\n - net: axienet: Handle deferred probe on clock properly (git-fixes).\n - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).\n - net: dsa: bcm_sf2: put device node before return (git-fixes).\n - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE\n (git-fixes).\n - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock\n (git-fixes).\n - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets\n (git-fixes).\n - net: enetc: keep RX ring consumer index in sync with hardware\n (git-fixes).\n - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).\n - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).\n - net: hns3: fix error mask definition of flow director (git-fixes).\n - net: hso: bail out on interrupt URB allocation failure (git-fixes).\n - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).\n - net: ll_temac: Fix potential NULL dereference in temac_probe()\n (git-fixes).\n - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).\n - net: macb: add function to disable all macb clocks (git-fixes).\n - net: macb: restore cmp registers on resume path (git-fixes).\n - net: macb: unprepare clocks in case of failure (git-fixes).\n - net: mscc: Fix OF_MDIO config check (git-fixes).\n - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).\n - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).\n - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).\n - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).\n - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).\n - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10\n (git-fixes).\n - net: stmmac: fix watchdog timeout during suspend/resume stress test\n (git-fixes).\n - net: stmmac: stop each tx channel independently (git-fixes).\n - net: tun: set tun->dev->addr_len during TUNSETLINK processing\n (git-fixes).\n - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).\n - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).\n - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).\n - net: usb: ax88179_178a: remove redundant assignment to variable ret\n (git-fixes).\n - net: usb: ax88179_178a: write mac to hardware in get_mac_addr\n (git-fixes).\n - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).\n - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).\n - net: usb: use eth_hw_addr_set() (git-fixes).\n - nvme: consider also host_iface when checking ip options (bsc#1199670).\n - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).\n - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).\n - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).\n - platform/olpc: Fix uninitialized data in debugfs write (git-fixes).\n - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).\n - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe\n (git-fixes).\n - powerpc/mobility: wait for memory transfer to complete (bsc#1201846\n ltc#198761).\n - powerpc/pseries/mobility: set NMI watchdog factor during an LPM\n (bsc#1201846 ltc#198761).\n - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846\n ltc#198761).\n - profiling: fix shift-out-of-bounds bugs (git fixes).\n - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651\n bsc#1200644 bsc#1201954 bsc#1201958).\n - r8169: fix accessing unset transport header (git-fixes).\n - random: document add_hwgenerator_randomness() with other input functions\n (git-fixes).\n - random: fix typo in comments (git-fixes).\n - random: remove useless header comment (git fixes).\n - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).\n - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n (git-fixes).\n - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer\n Dwarves 1.22 or newer is required to build kernels with BTF information\n embedded in modules.\n - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)\n - sched/fair: Revise comment about lb decision matrix (git fixes\n (sched/fair)).\n - sched/membarrier: fix missing local execution of ipi_sync_rq_state()\n (git fixes (sched/membarrier)).\n - scripts: dummy-tools, add pahole (jsc#SLE-24559).\n - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).\n - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).\n - scsi: core: Only put parent device if host state differs from\n SHOST_CREATED (git-fixes).\n - scsi: core: Put .shost_dev in failure path if host state changes to\n RUNNING (git-fixes).\n - scsi: core: Put LLD module refcnt after SCSI device is released\n (git-fixes).\n - scsi: core: Retry I/O for Notify (Enable Spinup) Required error\n (git-fixes).\n - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).\n - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable\n (bsc#1201956).\n - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test\n (bsc#1201956 bsc#1200521).\n - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE\n (bsc#1201956).\n - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()\n (bsc#1201956).\n - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed\n user input (bsc#1201956).\n - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into\n lpfc_sli_prep_abort_xri() (bsc#1201956).\n - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).\n - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after\n VMID (bsc#1201956).\n - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration\n (bsc#1201956).\n - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb\n (bsc#1201956).\n - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).\n - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()\n (bsc#1201958).\n - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).\n - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).\n - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1201958).\n - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).\n - scsi: qla2xxx: Update manufacturer details (bsc#1201958).\n - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).\n - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).\n - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).\n - scsi: scsi_debug: Sanity check block descriptor length in\n resp_mode_select() (git-fixes).\n - scsi: sd: Fix potential NULL pointer dereference (git-fixes).\n - scsi: ufs: Release clock if DMA map fails (git-fixes).\n - scsi: ufs: handle cleanup correctly on devm_reset_control_get error\n (git-fixes).\n - serial: 8250: fix return error code in serial8250_request_std_resource()\n (git-fixes).\n - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).\n - serial: stm32: Clear prev values before setting RTS delays (git-fixes).\n - soc: fsl: guts: machine variable might be unset (git-fixes).\n - soc: ixp4xx/npe: Fix unused match warning (git-fixes).\n - soundwire: bus_type: fix remove and shutdown support (git-fixes).\n - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry\n (git-fixes).\n - spi: amd: Limit max transfer and message size (git-fixes).\n - staging: rtl8192u: Fix sleep in atomic context bug in\n dm_fsync_timer_callback (git-fixes).\n - sysctl: Fix data races in proc_dointvec() (git-fixes).\n - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).\n - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).\n - sysctl: Fix data races in proc_douintvec() (git-fixes).\n - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).\n - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).\n - thermal/tools/tmon: Include pthread and time headers in tmon.h\n (git-fixes).\n - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes\n (kernel/time)).\n - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).\n - usb: dwc3: gadget: Fix event pending check (git-fixes).\n - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).\n - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).\n - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).\n - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).\n - usb: typec: add missing uevent when partner support PD (git-fixes).\n - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion\n (git-fixes).\n - usb: xhci: tegra: Fix error check (git-fixes).\n - usbnet: fix memory leak in error case (git-fixes).\n - video: of_display_timing.h: include errno.h (git-fixes).\n - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).\n - virtio-net: fix the race between refill work and close (git-fixes).\n - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).\n - virtio_mmio: Restore guest page size on resume (git-fixes).\n - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).\n - wifi: iwlegacy: 4965: fix potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n (git-fixes).\n - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).\n - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).\n - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).\n - wifi: p54: add missing parentheses in p54_flush() (git-fixes).\n - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()\n (git-fixes).\n - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n (git-fixes).\n - wifi: wil6210: debugfs: fix uninitialized variable use in\n `wil_write_file_wmi()` (git-fixes).\n - x86/bugs: Remove apostrophe typo (bsc#1178134).\n - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).\n - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).\n - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue\n (bsc#1201381).\n - xen: detect uninitialized xenbus in xenbus_init (git-fixes).\n - xen: do not continue xenstore initialization in case of errors\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-2875=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-2875=1\n\n - SUSE Linux Enterprise Workstation Extension 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2875=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2875=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise Module for Legacy Software 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2875=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2875=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2875=1\n\n - SUSE Linux Enterprise Micro 5.2:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2875=1\n\n - SUSE Linux Enterprise Micro 5.1:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2875=1\n\n - SUSE Linux Enterprise High Availability 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2875=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-23T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2022-08-23T00:00:00", "id": "SUSE-SU-2022:2875-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4D2Z73KGXMUQOPZZVCFRCYVTUWA6E27/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T12:08:13", "description": "An update that solves 18 vulnerabilities, contains one\n feature and has 18 fixes is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2020-36516: Fixed TCP session data injection vulnerability via the\n mixed IPID assignment method (bnc#1196616).\n - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl\n and closing/opening of ttys that could lead to a use-after-free\n (bnc#1201429).\n - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could\n lead to a NULL pointer dereference and general protection fault\n (bnc#1200910).\n - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO\n (bnc#1201635).\n - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT\n (bnc#1201636).\n - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which\n allowed a local attacker to cause memory corruption and escalate\n privileges to root (bnc#1199647).\n - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe\n subsystem (bnc#1198829).\n - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer\n handler in net/rose/rose_timer.c that allow attackers to crash the\n system without any privileges (bsc#1201251).\n - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds\n write in reserve_sfa_size() (bsc#1202154).\n - CVE-2022-20166: Fixed possible out of bounds write due to sprintf\n unsafety that could cause local escalation of privilege (bnc#1200598)\n - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy\n (bsc#1201458).\n - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed\n multiple potential data leaks with Block and Network devices when using\n untrusted backends (bsc#1200762).\n - CVE-2022-29581: Fixed improper update of Reference Count in net/sched\n that could cause root privilege escalation (bnc#1199665).\n - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c\n that could allow local privilege escalation (bnc#1200015).\n - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that\n could lead to remote DoS (bnc#1201940).\n\n The following non-security bugs were fixed:\n\n - ACPI: APEI: Better fix to avoid spamming the console with old error logs\n (git-fixes).\n - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).\n - ACPI: video: Shortening quirk list by identifying Clevo by board_name\n only (git-fixes).\n - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).\n - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model\n (git-fixes).\n - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop\n (git-fixes).\n - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221\n (git-fixes).\n - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671\n (git-fixes).\n - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array\n (git-fixes).\n - ASoC: Intel: Skylake: Correct the ssp rate discovery in\n skl_get_ssp_clks() (git-fixes).\n - ASoC: Remove unused hw_write_t type (git-fixes).\n - ASoC: cs47l15: Fix event generation for low power mux control\n (git-fixes).\n - ASoC: madera: Fix event generation for OUT1 demux (git-fixes).\n - ASoC: madera: Fix event generation for rate controls (git-fixes).\n - ASoC: ops: Fix off by one in range control validation (git-fixes).\n - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).\n - ASoC: wm5110: Fix DRE control (git-fixes).\n - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put\n (git-fixes).\n - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).\n - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR\n (git-fixes).\n - FDDI: defxx: Make MMIO the configuration default except for EISA\n (git-fixes).\n - Fixed a system crash related to the recent RETBLEED mitigation\n (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).\n - Fixed battery detection problem on macbooks (bnc#1201206).\n - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).\n - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).\n - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs\n (git-fixes).\n - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access\n exit (git-fixes).\n - KVM: apic: avoid calculating pending eoi from an uninitialized val\n (git-fixes).\n - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2\n (bsc#1201442)\n - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)\n - KVM: emulate: do not adjust size of fastop and setcc subroutines\n (bsc#1201930).\n - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs\n (git-fixes).\n - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1\n (git-fixes).\n - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in\n intel_pmu_refresh() (git-fixes).\n - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).\n - KVM: x86: Fix split-irqchip vs interrupt injection window request\n (git-fixes).\n - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks\n (git-fixes).\n - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is\n adjusted (git-fixes).\n - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).\n - NFC: nxp-nci: do not print header length mismatch on i2c error\n (git-fixes).\n - PCI/portdrv: Do not disable AER reporting in\n get_port_device_capability() (git-fixes).\n - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()\n (git-fixes).\n - PCI: dwc: Always enable CDM check if \"snps,enable-cdm-check\" exists\n (git-fixes).\n - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).\n - PCI: dwc: Disable outbound windows only for controllers using iATU\n (git-fixes).\n - PCI: dwc: Stop link on host_init errors and de-initialization\n (git-fixes).\n - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).\n - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).\n - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()\n (git-fixes).\n - PCI: tegra194: Fix Root Port interrupt handling (git-fixes).\n - PCI: tegra194: Fix link up retry sequence (git-fixes).\n - PM: runtime: Remove link state checks in rpm_get/put_supplier()\n (git-fixes).\n - Sort in RETbleed backport into the sorted section Now that it is\n upstream..\n - USB: Follow-up to SPDX identifiers addition - remove now useless\n comments (git-fixes).\n - USB: serial: fix tty-port initialized comments (git-fixes).\n - USB: serial: ftdi_sio: add Belimo device ids (git-fixes).\n - amd-xgbe: Update DMA coherency values (git-fixes).\n - arm64 module: set plt* section addresses to 0x0 (git-fixes)\n - arm64: Extend workaround for erratum 1024718 to all versions of\n (git-fixes)\n - arm64: asm: Add new-style position independent function annotations\n (git-fixes)\n - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return\n (git-fixes)\n - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function\n (git-fixes)\n - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)\n - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)\n - arm64: dts: mcbin: support 2W SFP modules (git-fixes)\n - arm64: fix compat syscall return truncation (git-fixes)\n - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)\n - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA\n (git-fixes)\n - arm64: module: remove (NOLOAD) from linker script (git-fixes)\n - arm64: module: rework special section handling (git-fixes)\n - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)\n - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)\n - arm64: ptrace: Override SPSR.SS when single-stepping is enabled\n (git-fixes)\n - arm64: stackleak: fix current_top_of_stack() (git-fixes)\n - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing\n (git-fixes)\n - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)\n - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).\n - ath10k: do not enforce interrupt trigger type (git-fixes).\n - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).\n - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).\n - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN\n (git-fixes).\n - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).\n - block: Fix fsync always failed if once failed (git-fixes).\n - block: Fix wrong offset in bio_truncate() (git-fixes).\n - block: bio-integrity: Advance seed correctly for larger interval sizes\n (git-fixes).\n - block: do not delete queue kobject before its children (git-fixes).\n - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit\n (git-fixes).\n - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature\n (bsc#1199364).\n - bpf: Add config to allow loading modules with BTF mismatches\n (jsc#SLE-24559).\n - bpf: Add in-kernel split BTF support (jsc#SLE-24559).\n - bpf: Assign ID to vmlinux BTF and return extra info for BTF in\n GET_OBJ_INFO (jsc#SLE-24559).\n - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).\n - bpf: Load and verify kernel module BTFs (jsc#SLE-24559).\n - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).\n - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).\n - bus: hisi_lpc: fix missing platform_device_put() in\n hisi_lpc_acpi_probe() (git-fixes).\n - can: Break loopback loop on loopback documentation (git-fixes).\n - can: error: specify the values of data[5..7] of CAN error frames\n (git-fixes).\n - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).\n - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).\n - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off\n (git-fixes).\n - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: pch_can: pch_can_error(): initialize errc before using it\n (git-fixes).\n - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).\n - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).\n - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).\n - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain\n (git-fixes).\n - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).\n - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).\n - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).\n - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).\n - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks\n (git-fixes).\n - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).\n - config: enable DEBUG_INFO_BTF This option allows users to access the btf\n type information for vmlinux but not kernel modules.\n - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the\n (git-fixes)\n - crypto: qat - disable registration of algorithms (git-fixes).\n - crypto: qat - fix memory leak in RSA (git-fixes).\n - crypto: qat - remove dma_free_coherent() for DH (git-fixes).\n - crypto: qat - remove dma_free_coherent() for RSA (git-fixes).\n - crypto: qat - set to zero DH parameters before free (git-fixes).\n - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).\n - dm btree remove: assign new_root only when removal succeeds (git-fixes).\n - dm btree remove: fix use after free in rebalance_children() (git-fixes).\n - dm bufio: subtract the number of initial sectors in\n dm_bufio_get_device_size (git-fixes).\n - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()\n (git-fixes).\n - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).\n - dm crypt: make printing of the key constant-time (git-fixes).\n - dm integrity: conditionally disable \"recalculate\" feature (git-fixes).\n - dm integrity: fix a crash if \"recalculate\" used without \"internal_hash\"\n (git-fixes).\n - dm integrity: fix error code in dm_integrity_ctr() (git-fixes).\n - dm integrity: fix memory corruption when tag_size is less than digest\n size (git-fixes).\n - dm integrity: fix the maximum number of arguments (git-fixes).\n - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).\n - dm persistent data: packed struct should have an aligned() attribute too\n (git-fixes).\n - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload\n sequences (git-fixes).\n - dm snapshot: fix crash with transient storage and zero chunk size\n (git-fixes).\n - dm snapshot: flush merged data before committing metadata (git-fixes).\n - dm snapshot: properly fix a crash when an origin has no snapshots\n (git-fixes).\n - dm space map common: fix division bug in sm_ll_find_free_block()\n (git-fixes).\n - dm stats: add cond_resched when looping over entries (git-fixes).\n - dm verity: fix FEC for RS roots unaligned to block size (git-fixes).\n - dm: fix mempool NULL pointer race when completing IO (git-fixes).\n - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly\n (git-fixes).\n - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).\n - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).\n - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate\n (git-fixes).\n - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate\n (git-fixes).\n - do not call utsname() after ->nsproxy is NULL (bsc#1201196).\n - drbd: fix potential silent data corruption (git-fixes).\n - driver core: fix potential deadlock in __driver_attach (git-fixes).\n - drivers/net: Fix kABI in tun.c (git-fixes).\n - drivers: net: fix memory leak in atusb_probe (git-fixes).\n - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).\n - drm/amd/display: Enable building new display engine with KCOV enabled\n (git-fixes).\n - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).\n - drm/doc: Fix comment typo (git-fixes).\n - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()\n failed (git-fixes).\n - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).\n - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).\n - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()\n (git-fixes).\n - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).\n - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function\n (git-fixes).\n - drm/mediatek: dpi: Only enable dpi after the bridge is enabled\n (git-fixes).\n - drm/mediatek: dpi: Remove output format of YUV (git-fixes).\n - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).\n - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform\n (git-fixes).\n - drm/msm/mdp5: Fix global state lock backoff (git-fixes).\n - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).\n - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).\n - drm/panfrost: Put mapping instead of shmem obj on\n panfrost_mmu_map_fault_addr() error (git-fixes).\n - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).\n - drm/radeon: fix potential buffer overflow in\n ni_set_mc_special_registers() (git-fixes).\n - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).\n - drm/rockchip: vop: Do not crash for invalid duplicate_state()\n (git-fixes).\n - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).\n - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable\n iteration (git-fixes).\n - drm/vc4: dsi: Correct DSI divider calculations (git-fixes).\n - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).\n - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes\n (git-fixes).\n - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).\n - drm/vc4: plane: Fix margin calculations for the right/bottom edges\n (git-fixes).\n - drm/vc4: plane: Remove subpixel positioning check (git-fixes).\n - drm: adv7511: override i2c address of cec before accessing it\n (git-fixes).\n - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).\n - drm: bridge: sii8620: fix possible off-by-one (git-fixes).\n - fbcon: Disallow setting font bigger than screen size (git-fixes).\n - fbcon: Prevent that screen size is smaller than font size (git-fixes).\n - fbdev: fbmem: Fix logo center image dx issue (git-fixes).\n - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).\n - fpga: altera-pr-ip: fix unsigned comparison with less than zero\n (git-fixes).\n - ftgmac100: Restart MAC HW once (git-fixes).\n - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()\n (git-fixes).\n - gpio: pca953x: only use single read/write for No AI mode (git-fixes).\n - gpio: pca953x: use the correct range when do regmap sync (git-fixes).\n - gpio: pca953x: use the correct register address when regcache sync\n during init (git-fixes).\n - hex2bin: make the function hex_to_bin constant-time (git-fixes).\n - hv_netvsc: Add (more) validation for untrusted Hyper-V values\n (bsc#1199364).\n - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).\n - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).\n - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer\n (bsc#1199364).\n - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).\n - i2c: Fix a potential use after free (git-fixes).\n - i2c: cadence: Change large transfer count reset logic to be\n unconditional (git-fixes).\n - i2c: cadence: Support PEC for SMBus block read (git-fixes).\n - i2c: cadence: Unregister the clk notifier in error path (git-fixes).\n - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).\n - ida: do not use BUG_ON() for debugging (git-fixes).\n - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).\n - iio: accel: bma220: Fix alignment for DMA safety (git-fixes).\n - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).\n - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1027: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max11100: Fix alignment for DMA safety (git-fixes).\n - iio: adc: max1118: Fix alignment for DMA safety (git-fixes).\n - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).\n - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).\n - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).\n - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large\n (git-fixes).\n - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).\n - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).\n - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).\n - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).\n - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).\n - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).\n - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).\n - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).\n - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).\n - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).\n - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).\n - ima: Fix a potential integer overflow in ima_appraise_measurement\n (git-fixes).\n - ima: Fix potential memory leak in ima_init_crypto() (git-fixes).\n - intel_th: Fix a resource leak in an error handling path (git-fixes).\n - intel_th: msu-sink: Potential dereference of null pointer (git-fixes).\n - intel_th: msu: Fix vmalloced buffers (git-fixes).\n - kABI workaround for rtsx_usb (git-fixes).\n - kabi: create module private struct to hold btf size/data (jsc#SLE-24559).\n - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports\n it (jsc#SLE-24559).\n - kbuild: Skip module BTF generation for out-of-tree external modules\n (jsc#SLE-24559).\n - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).\n - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild\n (jsc#SLE-24559).\n - kbuild: rebuild modules when module linker scripts are updated\n (jsc#SLE-24559).\n - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).\n - kbuild: split final module linking out into Makefile.modfinal\n (jsc#SLE-24559).\n - lib/string.c: implement stpcpy (git-fixes).\n - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check\n (git-fixes).\n - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).\n - linux/random.h: Use false with bool (git-fixes).\n - lkdtm: Disable return thunks in rodata.c (bsc#1178134).\n - macvlan: remove redundant null check on data (git-fixes).\n - md/bitmap: wait for external bitmap writes to complete during tear down\n (git-fixes).\n - md/raid0: Ignore RAID0 layout if the second zone has only one device\n (git-fixes).\n - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).\n - md: bcache: check the return value of kzalloc() in\n detached_dev_do_request() (git-fixes).\n - media: hdpvr: fix error value returns in hdpvr_read (git-fixes).\n - media: rc: increase rc-mm tolerance and add debug message (git-fixes).\n - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle\n (git-fixes).\n - media: rtl28xxu: add missing sleep before probing slave demod\n (git-fixes).\n - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).\n - media: smipcie: fix interrupt handling and IR timeout (git-fixes).\n - media: tw686x: Register the irq at the end of probe (git-fixes).\n - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()\n (git-fixes).\n - media: v4l2-mem2mem: always consider OUTPUT queue during poll\n (git-fixes).\n - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).\n - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()\n (git-fixes).\n - memregion: Fix memregion_free() fallback definition (git-fixes).\n - memstick/ms_block: Fix a memory leak (git-fixes).\n - memstick/ms_block: Fix some incorrect memory allocation (git-fixes).\n - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).\n - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).\n - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer\n (git-fixes).\n - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).\n - misc: rtsx_usb: use separate command and response buffers (git-fixes).\n - mm/slub: add missing TID updates on slab deactivation (git-fixes).\n - mm: fix page reference leak in soft_offline_page() (git fixes\n (mm/memory-failure)).\n - mmc: cavium-octeon: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop\n (git-fixes).\n - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).\n - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch\n (git-fixes).\n - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle\n (git-fixes).\n - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg\n (git-fixes).\n - net, xdp: Introduce __xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net, xdp: Introduce xdp_build_skb_from_frame utility routine\n (bsc#1199364).\n - net/mlx5e: When changing XDP program without reset, take refs for XSK\n RQs (git-fixes).\n - net/sonic: Fix some resource leaks in error handling paths (git-fixes).\n - net: ag71xx: remove unnecessary MTU reservation (git-fixes).\n - net: allwinner: Fix some resources leak in the error handling path of\n the probe and in the remove function (git-fixes).\n - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning\n (git-fixes).\n - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP\n (git-fixes).\n - net: amd-xgbe: Reset link when the link never comes back (git-fixes).\n - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout\n (git-fixes).\n - net: axienet: Handle deferred probe on clock properly (git-fixes).\n - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).\n - net: dsa: bcm_sf2: put device node before return (git-fixes).\n - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE\n (git-fixes).\n - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock\n (git-fixes).\n - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets\n (git-fixes).\n - net: enetc: keep RX ring consumer index in sync with hardware\n (git-fixes).\n - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).\n - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).\n - net: hns3: fix error mask definition of flow director (git-fixes).\n - net: hso: bail out on interrupt URB allocation failure (git-fixes).\n - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).\n - net: ll_temac: Fix potential NULL dereference in temac_probe()\n (git-fixes).\n - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).\n - net: macb: add function to disable all macb clocks (git-fixes).\n - net: macb: restore cmp registers on resume path (git-fixes).\n - net: macb: unprepare clocks in case of failure (git-fixes).\n - net: mscc: Fix OF_MDIO config check (git-fixes).\n - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).\n - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).\n - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).\n - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).\n - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).\n - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10\n (git-fixes).\n - net: stmmac: fix watchdog timeout during suspend/resume stress test\n (git-fixes).\n - net: stmmac: stop each tx channel independently (git-fixes).\n - net: tun: set tun->dev->addr_len during TUNSETLINK processing\n (git-fixes).\n - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).\n - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).\n - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).\n - net: usb: ax88179_178a: remove redundant assignment to variable ret\n (git-fixes).\n - net: usb: ax88179_178a: write mac to hardware in get_mac_addr\n (git-fixes).\n - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).\n - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).\n - net: usb: use eth_hw_addr_set() (git-fixes).\n - nvme: consider also host_iface when checking ip options (bsc#1199670).\n - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).\n - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).\n - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).\n - platform/olpc: Fix uninitialized data in debugfs write (git-fixes).\n - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).\n - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe\n (git-fixes).\n - powerpc/mobility: wait for memory transfer to complete (bsc#1201846\n ltc#198761).\n - powerpc/pseries/mobility: set NMI watchdog factor during an LPM\n (bsc#1201846 ltc#198761).\n - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846\n ltc#198761).\n - profiling: fix shift-out-of-bounds bugs (git fixes).\n - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651\n bsc#1200644 bsc#1201954 bsc#1201958).\n - r8169: fix accessing unset transport header (git-fixes).\n - random: document add_hwgenerator_randomness() with other input functions\n (git-fixes).\n - random: fix typo in comments (git-fixes).\n - random: remove useless header comment (git fixes).\n - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).\n - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n (git-fixes).\n - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer\n Dwarves 1.22 or newer is required to build kernels with BTF information\n embedded in modules.\n - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)\n - sched/fair: Revise comment about lb decision matrix (git fixes\n (sched/fair)).\n - sched/membarrier: fix missing local execution of ipi_sync_rq_state()\n (git fixes (sched/membarrier)).\n - scripts: dummy-tools, add pahole (jsc#SLE-24559).\n - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).\n - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).\n - scsi: core: Only put parent device if host state differs from\n SHOST_CREATED (git-fixes).\n - scsi: core: Put .shost_dev in failure path if host state changes to\n RUNNING (git-fixes).\n - scsi: core: Put LLD module refcnt after SCSI device is released\n (git-fixes).\n - scsi: core: Retry I/O for Notify (Enable Spinup) Required error\n (git-fixes).\n - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).\n - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable\n (bsc#1201956).\n - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test\n (bsc#1201956 bsc#1200521).\n - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE\n (bsc#1201956).\n - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()\n (bsc#1201956).\n - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed\n user input (bsc#1201956).\n - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into\n lpfc_sli_prep_abort_xri() (bsc#1201956).\n - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).\n - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after\n VMID (bsc#1201956).\n - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration\n (bsc#1201956).\n - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb\n (bsc#1201956).\n - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).\n - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()\n (bsc#1201958).\n - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).\n - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).\n - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).\n - scsi: qla2xxx: Fix response queue handler reading stale packets\n (bsc#1201958).\n - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).\n - scsi: qla2xxx: Update manufacturer details (bsc#1201958).\n - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).\n - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).\n - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).\n - scsi: scsi_debug: Sanity check block descriptor length in\n resp_mode_select() (git-fixes).\n - scsi: sd: Fix potential NULL pointer dereference (git-fixes).\n - scsi: ufs: Release clock if DMA map fails (git-fixes).\n - scsi: ufs: handle cleanup correctly on devm_reset_control_get error\n (git-fixes).\n - serial: 8250: fix return error code in serial8250_request_std_resource()\n (git-fixes).\n - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).\n - serial: stm32: Clear prev values before setting RTS delays (git-fixes).\n - soc: fsl: guts: machine variable might be unset (git-fixes).\n - soc: ixp4xx/npe: Fix unused match warning (git-fixes).\n - soundwire: bus_type: fix remove and shutdown support (git-fixes).\n - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry\n (git-fixes).\n - spi: amd: Limit max transfer and message size (git-fixes).\n - staging: rtl8192u: Fix sleep in atomic context bug in\n dm_fsync_timer_callback (git-fixes).\n - sysctl: Fix data races in proc_dointvec() (git-fixes).\n - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).\n - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).\n - sysctl: Fix data races in proc_douintvec() (git-fixes).\n - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).\n - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).\n - thermal/tools/tmon: Include pthread and time headers in tmon.h\n (git-fixes).\n - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes\n (kernel/time)).\n - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).\n - usb: dwc3: gadget: Fix event pending check (git-fixes).\n - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).\n - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).\n - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).\n - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).\n - usb: typec: add missing uevent when partner support PD (git-fixes).\n - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion\n (git-fixes).\n - usb: xhci: tegra: Fix error check (git-fixes).\n - usbnet: fix memory leak in error case (git-fixes).\n - video: of_display_timing.h: include errno.h (git-fixes).\n - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).\n - virtio-net: fix the race between refill work and close (git-fixes).\n - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).\n - virtio_mmio: Restore guest page size on resume (git-fixes).\n - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).\n - wifi: iwlegacy: 4965: fix potential off-by-one overflow in\n il4965_rs_fill_link_cmd() (git-fixes).\n - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n (git-fixes).\n - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).\n - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).\n - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).\n - wifi: p54: add missing parentheses in p54_flush() (git-fixes).\n - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()\n (git-fixes).\n - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n (git-fixes).\n - wifi: wil6210: debugfs: fix uninitialized variable use in\n `wil_write_file_wmi()` (git-fixes).\n - x86/bugs: Remove apostrophe typo (bsc#1178134).\n - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).\n - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).\n - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue\n (bsc#1201381).\n - xen: detect uninitialized xenbus in xenbus_init (git-fixes).\n - xen: do not continue xenstore initialization in case of errors\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap Micro 5.2:\n\n zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2875=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1116", "CVE-2022-1462", "CVE-2022-20166", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-36946"], "modified": "2022-09-01T00:00:00", "id": "SUSE-SU-2022:2875-2", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOR2NSDGCLTFWRJP6GDPDSOOED3ZEFM3/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2022-09-06T17:18:13", "description": "[4.1.12-124.66.3]\n- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [Orabug: 33981149] {CVE-2022-1011}\n- vt: drop old FONT ioctls (Jiri Slaby) [Orabug: 34408794] {CVE-2021-33656}\n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) [Orabug: 34408910] {CVE-2021-33655}\n- fbcon: Disallow setting font bigger than screen size (Helge Deller) [Orabug: 34408910] {CVE-2021-33655}\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419974] {CVE-2022-21546}\n- scsi/eh: fix hang adding ehandler wakeups after decrementing host_busy (Gulam Mohamed) [Orabug: 33349684] [Orabug: 34492498]\n[4.1.12-124.66.2]\n- mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501997] {CVE-2019-9213}\n- ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit (Eric W. Biederman) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: igmp: guard against silly MTU values (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- inet: constify ip_dont_fragment() arguments (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ip: constify ip_build_and_send_pkt() socket argument (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Eric Biggers) [Orabug: 34433461] {CVE-2020-36557}\n- vt: vt_ioctl: fix race in VT_RESIZEX (Eric Dumazet) [Orabug: 34433476] {CVE-2020-36558}\n- VT_RESIZEX: get rid of field-by-field copyin (Al Viro) [Orabug: 34433476] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] [Orabug: 34484730] {CVE-2022-2588}\n[4.1.12-124.66.1]\n- net: fix uninit-value in __hw_addr_add_ex() (Eric Dumazet) [Orabug: 34395887] \n- mac80211: silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34396283]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-06T00:00:00", "id": "ELSA-2022-9761", "href": "http://linux.oracle.com/errata/ELSA-2022-9761.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-11-15T15:26:06", "description": "[4.18.0-425.3.1.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]\n[4.18.0-425.3.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]\n- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]\n- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]\n- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]\n- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]\n- netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]\n- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]\n- netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]\n- netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]\n- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]\n- iavf: Detach device during reset task (Petr Oros) [2069206]\n[4.18.0-425.2.1]\n- EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]\n[4.18.0-425.1.1]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]\n- redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]\n[4.18.0-425]\n- EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]\n- EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]\n[4.18.0-424]\n- redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]\n- ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]\n- serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]\n- serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]\n- spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]\n- spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]\n- spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]\n- spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]\n- ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]\n- spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]\n- spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]\n- spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]\n- spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]\n- spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]\n- spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]\n- spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]\n- spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]\n- spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]\n- spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]\n- spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]\n- spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]\n- spi: Reduce kthread priority (Jaroslav Kysela) [2005073]\n- spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]\n- i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]\n- nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]\n- iavf: Fix reset error handling (Petr Oros) [2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2119759]\n- iavf: Fix missing state logs (Petr Oros) [2119759]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]\n[4.18.0-423]\n- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]\n- net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]\n- net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]\n- net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]\n- net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]\n- net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]\n- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]\n- net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]\n- net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]\n- net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]\n- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]\n- net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]\n- net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]\n- net/mlx5: fix typo in comment (Amir Tzin) [2049440]\n- IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]\n- net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]\n- net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]\n- net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]\n- net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]\n- net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]\n- net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]\n- net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]\n- net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]\n- net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]\n- net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]\n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]\n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]\n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]\n- RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]\n- RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]\n- net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]\n- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]\n- net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]\n- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]\n- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]\n- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]\n- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]\n- net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]\n- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]\n- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]\n- net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]\n- net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]\n- net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]\n- net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]\n- net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]\n- net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]\n- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]\n- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]\n- net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]\n- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]\n- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]\n- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]\n- net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]\n- net/mlx5: Add pages debugfs (Amir Tzin) [2049440]\n- net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]\n- net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]\n- net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]\n- net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]\n- mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]\n- net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]\n- net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]\n- net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]\n- net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]\n- net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]\n- net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]\n- net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]\n- RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]\n- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]\n- net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]\n- net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]\n- net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]\n- net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]\n- net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]\n- net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]\n- net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]\n- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]\n- net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]\n- mlx5: remove unused static inlines (Amir Tzin) [2049440]\n- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]\n- RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]\n- RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]\n- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]\n- net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]\n- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]\n- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]\n- net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]\n- net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]\n- net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]\n- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]\n- net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]\n- net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]\n- net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]\n- net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]\n- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]\n- net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]\n- net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]\n- net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]\n- net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]\n- net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]\n- net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]\n- net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]\n- net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]\n- net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]\n- net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}\n- net: let flow have same hash in two directions (Ivan Vecera) [2111094]\n- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]\n- net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]\n- ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use a more suitable label name (Ivan Vecera) [2111094]\n- ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]\n- selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]\n- ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]\n- selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]\n- ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]\n- ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]\n- net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]\n- route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]\n[4.18.0-422]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]\n- rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]\n- redhat: add ca7 to redhat/git/files (Jarod Wilson)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-15T00:00:00", "id": "ELSA-2022-7683", "href": "http://linux.oracle.com/errata/ELSA-2022-7683.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-28T21:35:36", "description": "## Summary\n\nVulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management. Vulnerabilities include denial of service, elevation of privileges, obtaining sensitive information, bypassing security restrictions, buffer overflow, and execution of arbitrary code on system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3640](<https://vulners.com/cve/CVE-2021-3640>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the sco_send_frame function. By using a specially-crafted payload, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2938](<https://vulners.com/cve/CVE-2022-2938>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the implementation of Pressure Stall Information. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234236](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234236>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-29581](<https://vulners.com/cve/CVE-2022-29581>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper update of reference count in net/sched. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226762>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-28893](<https://vulners.com/cve/CVE-2022-28893>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the inet_put_port function in the SUNRPC subsystem. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41716](<https://vulners.com/cve/CVE-2022-41716>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by improper checking for invalid environment variable values in syscall.StartProcess and os/exec.Cmd. By using a specially-crafted environment variable value, an attacker could exploit this vulnerability to set a value for a different environment variable. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-36946](<https://vulners.com/cve/CVE-2022-36946>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error in the nfqnl_mangle in net/netfilter/nfnetlink_queue.c. By sending a specially-crafted request where the attacker truncates the packet below the header size, a remote attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232324](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232324>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1055](<https://vulners.com/cve/CVE-2022-1055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free exists in tc_new_tfilter. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222851>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-2586](<https://vulners.com/cve/CVE-2022-2586>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the nf_tables cross-table reference. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1184](<https://vulners.com/cve/CVE-2022-1184>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the dx_insert_block() function in in fs/ext4/namei.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234729](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234729>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36558](<https://vulners.com/cve/CVE-2020-36558>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in VT_RESIZEX. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231892](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231892>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-28390](<https://vulners.com/cve/CVE-2022-28390>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free flaw in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1016](<https://vulners.com/cve/CVE-2022-1016>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in net/netfilter/nf_tables_core.c:nft_do_chain. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain kernel information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-0854](<https://vulners.com/cve/CVE-2022-0854>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by memory leak flaw in the DMA subsystem. By sending a specially-crafted request using the DMA_FROM_DEVICE function, an attacker could exploit this vulnerability to read random memory from the kernel space, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222424>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-2078](<https://vulners.com/cve/CVE-2022-2078>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a buffer overflow in the nft_set_desc_concat_parse() function. By sending a specially-crafted HTTP request, a local authenticated attacker could exploit this vulnerability to cause a denial of service and possibly execute arbitrary code on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2639](<https://vulners.com/cve/CVE-2022-2639>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer coercion error in the openvswitch kernel module. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235135](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235135>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Copy Data Management| 2.2.0.0-2.2.18.0 \n \n \n\n\n## Remediation/Fixes\n\n**IBM Spectrum Copy Data Management ****Affected Versions**| **Fixing \n****Level**| **Platform**| **Link to Fix and Instructions \n** \n---|---|---|--- \n2.2.0.0-2.2.18.0| 2.2.18.1| Linux| <https://www.ibm.com/support/pages/node/6833906> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-17T16:48:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36558", "CVE-2021-3640", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-2078", "CVE-2022-2586", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946", "CVE-2022-41716"], "modified": "2023-01-17T16:48:39", "id": "7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "href": "https://www.ibm.com/support/pages/node/6854985", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T13:34:47", "description": "## Summary\n\nIBM Spectrum Protect Plus can be affected by vulnerabilities in the Linux Kernel. Vulnerabilities include obtaining sensitive information, denial of service, elevation of privileges and remote execution of arbitrary code, as described by the CVEs in the \"Vulnerability Details\" section.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-0494](<https://vulners.com/cve/CVE-2022-0494>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain kernel information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-36558](<https://vulners.com/cve/CVE-2020-36558>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in VT_RESIZEX. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231892](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231892>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-1353](<https://vulners.com/cve/CVE-2022-1353>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a kernel-info-leak issue in pfkey_register function in net/key/af_key.c. A local authenticated attacker could exploit this vulnerability to leak internal kernel information or cause the system to crash. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225506](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225506>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2022-24448](<https://vulners.com/cve/CVE-2022-24448>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an uninitialized data flaw in fs/nfs/dir.c. By using a specially-crafted application to set the O_DIRECTORY flag and attempt to open a regular file, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218947](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218947>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-2078](<https://vulners.com/cve/CVE-2022-2078>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a buffer overflow in the nft_set_desc_concat_parse() function. By sending a specially-crafted HTTP request, a local authenticated attacker could exploit this vulnerability to cause a denial of service and possibly execute arbitrary code on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2586](<https://vulners.com/cve/CVE-2022-2586>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the nf_tables cross-table reference. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-2964](<https://vulners.com/cve/CVE-2022-2964>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by multiple out-of-bounds reads and possible out-of-bounds writes flaw in the driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0168](<https://vulners.com/cve/CVE-2022-0168>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the smb2_ioctl_query_info function in the fs/cifs/smb2ops.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234582](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234582>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2639](<https://vulners.com/cve/CVE-2022-2639>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer coercion error in the openvswitch kernel module. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235135](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235135>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1055](<https://vulners.com/cve/CVE-2022-1055>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free exists in tc_new_tfilter. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222851>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-36946](<https://vulners.com/cve/CVE-2022-36946>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error in the nfqnl_mangle in net/netfilter/nfnetlink_queue.c. By sending a specially-crafted request where the attacker truncates the packet below the header size, a remote attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232324](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232324>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-29581](<https://vulners.com/cve/CVE-2022-29581>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper update of reference count in net/sched. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226762>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1184](<https://vulners.com/cve/CVE-2022-1184>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the dx_insert_block() function in in fs/ext4/namei.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234729](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234729>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-28390](<https://vulners.com/cve/CVE-2022-28390>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free flaw in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3640](<https://vulners.com/cve/CVE-2021-3640>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the sco_send_frame function. By using a specially-crafted payload, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-4379](<https://vulners.com/cve/CVE-2022-4379>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/244391](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244391>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0 - 10.1.13 \n \n\n\n## Remediation/Fixes\n\n**Affected Versions**| **Fixing Leve**l| **Platform**| **Link to Fix and Instructions** \n---|---|---|--- \n10.1.0 - 10.1.13| 10.1.14| Linux| <https://www.ibm.com/support/pages/node/6942717> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-16T14:18:44", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36558", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0494", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1353", "CVE-2022-2078", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-29581", "CVE-2022-2964", "CVE-2022-36946", "CVE-2022-4379"], "modified": "2023-03-16T14:18:44", "id": "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5", "href": "https://www.ibm.com/support/pages/node/6963936", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "rocky": [{"lastseen": "2023-02-02T17:07:49", "description": "An update is available for kernel-rt.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* Use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:19:55", "type": "rocky", "title": "kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-08T06:19:55", "id": "RLSA-2022:7444", "href": "https://errata.rockylinux.org/RLSA-2022:7444", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-02T17:07:27", "description": "An update is available for kernel.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Spectre-BHB (CVE-2022-23960)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:19", "type": "rocky", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-08T06:26:19", "id": "RLSA-2022:7683", "href": "https://errata.rockylinux.org/RLSA-2022:7683", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "almalinux": [{"lastseen": "2022-11-12T02:52:49", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n* race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n* memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n* Spectre-BHB (CVE-2022-23960)\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n* memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "almalinux", "title": "Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-11T21:27:24", "id": "ALSA-2022:7683", "href": "https://errata.almalinux.org/8/ALSA-2022-7683.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-02-22T12:13:16", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* Use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:19:55", "type": "redhat", "title": "(RHSA-2022:7444) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1158", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-2153", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-22T10:36:35", "id": "RHSA-2022:7444", "href": "https://access.redhat.com/errata/RHSA-2022:7444", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T18:13:14", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Spectre-BHB (CVE-2022-23960)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:19", "type": "redhat", "title": "(RHSA-2022:7683) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1158", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-2153", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-21T16:53:41", "id": "RHSA-2022:7683", "href": "https://access.redhat.com/errata/RHSA-2022:7683", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-14T23:19:21", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T19:39:55", "type": "redhat", "title": "(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-3517", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-41912", "CVE-2022-42898"], "modified": "2022-12-14T19:40:16", "id": "RHSA-2022:9040", "href": "https://access.redhat.com/errata/RHSA-2022:9040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-08T18:08:09", "description": "Openshift Logging Bug Fix Release (5.3.14)\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T16:23:35", "type": "redhat", "title": "(RHSA-2022:8889) Moderate: Openshift Logging 5.3.14 bug fix release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-39399", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42898"], "modified": "2022-12-08T16:23:58", "id": "RHSA-2022:8889", "href": "https://access.redhat.com/errata/RHSA-2022:8889", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-08T08:08:09", "description": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T07:35:26", "type": "redhat", "title": "(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36516", "CVE-2020-36518", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1586", "CVE-2022-1785", "CVE-2022-1852", "CVE-2022-1897", "CVE-2022-1927", "CVE-2022-20368", "CVE-2022-2068", "CVE-2022-2078", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2509", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27664", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-32189", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-37603", "CVE-2022-39399", "CVE-2022-41715", "CVE-2022-42003", "CVE-2022-42004"], "modified": "2022-12-08T07:35:50", "id": "RHSA-2022:8781", "href": "https://access.redhat.com/errata/RHSA-2022:8781", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}